File manager - Edit - /home/matthif/www/wp-content/languages/plugins/html.tar
Back
embed-template.php 0000666 00000000522 15224716631 0010154 0 ustar 00 <?php /** * Back-compat placeholder for the base embed template * * @package WordPress * @subpackage oEmbed * @since 4.4.0 * @deprecated 4.5.0 Moved to wp-includes/theme-compat/embed.php */ _deprecated_file( basename( __FILE__ ), '4.5.0', WPINC . '/theme-compat/embed.php' ); require ABSPATH . WPINC . '/theme-compat/embed.php'; https-migration-20260606002633.php 0000666 00000011205 15224716631 0012001 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605145451.php 0000666 00000013341 15224716631 0011776 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } editor-rtl.css 0000666 00000001640 15224716631 0007357 0 ustar 00 .block-library-html__edit .block-library-html__preview-overlay{ height:100%; position:absolute; right:0; top:0; width:100%; } .block-library-html__edit .block-editor-plain-text{ background:#fff !important; border:1px solid #1e1e1e !important; border-radius:2px !important; box-shadow:none !important; box-sizing:border-box; color:#1e1e1e !important; display:block; font-family:Menlo,Consolas,monaco,monospace !important; font-size:16px !important; max-height:250px; padding:12px !important; } @media (min-width:600px){ .block-library-html__edit .block-editor-plain-text{ font-size:13px !important; } } .block-library-html__edit .block-editor-plain-text:focus{ border-color:var(--wp-admin-theme-color) !important; box-shadow:0 0 0 1px var(--wp-admin-theme-color) !important; outline:2px solid #0000 !important; } .block-library-html__edit .block-editor-plain-text{ direction:ltr; } style-engine.php 0000666 00000016613 15224716631 0007702 0 ustar 00 <?php /** * Style engine: Public functions * * This file contains a variety of public functions developers can use to interact with * the Style Engine API. * * @package WordPress * @subpackage StyleEngine * @since 6.1.0 */ /** * Global public interface method to generate styles from a single style object, * e.g. the value of a block's attributes.style object or the top level styles in theme.json. * * Example usage: * * $styles = wp_style_engine_get_styles( * array( * 'color' => array( 'text' => '#cccccc' ), * ) * ); * * Returns: * * array( * 'css' => 'color: #cccccc', * 'declarations' => array( 'color' => '#cccccc' ), * 'classnames' => 'has-color', * ) * * @since 6.1.0 * * @see https://developer.wordpress.org/block-editor/reference-guides/theme-json-reference/theme-json-living/#styles * @see https://developer.wordpress.org/block-editor/reference-guides/block-api/block-supports/ * * @param array $block_styles The style object. * @param array $options { * Optional. An array of options. Default empty array. * * @type string|null $context An identifier describing the origin of the style object, * e.g. 'block-supports' or 'global-styles'. Default null. * When set, the style engine will attempt to store the CSS rules, * where a selector is also passed. * @type bool $convert_vars_to_classnames Whether to skip converting incoming CSS var patterns, * e.g. `var:preset|<PRESET_TYPE>|<PRESET_SLUG>`, * to `var( --wp--preset--* )` values. Default false. * @type string $selector Optional. When a selector is passed, * the value of `$css` in the return value will comprise * a full CSS rule `$selector { ...$css_declarations }`, * otherwise, the value will be a concatenated string * of CSS declarations. * } * @return array { * @type string $css A CSS ruleset or declarations block * formatted to be placed in an HTML `style` attribute or tag. * @type string[] $declarations An associative array of CSS definitions, * e.g. `array( "$property" => "$value", "$property" => "$value" )`. * @type string $classnames Classnames separated by a space. * } */ function wp_style_engine_get_styles( $block_styles, $options = array() ) { $options = wp_parse_args( $options, array( 'selector' => null, 'context' => null, 'convert_vars_to_classnames' => false, ) ); $parsed_styles = WP_Style_Engine::parse_block_styles( $block_styles, $options ); // Output. $styles_output = array(); if ( ! empty( $parsed_styles['declarations'] ) ) { $styles_output['css'] = WP_Style_Engine::compile_css( $parsed_styles['declarations'], $options['selector'] ); $styles_output['declarations'] = $parsed_styles['declarations']; if ( ! empty( $options['context'] ) ) { WP_Style_Engine::store_css_rule( $options['context'], $options['selector'], $parsed_styles['declarations'] ); } } if ( ! empty( $parsed_styles['classnames'] ) ) { $styles_output['classnames'] = implode( ' ', array_unique( $parsed_styles['classnames'] ) ); } return array_filter( $styles_output ); } /** * Returns compiled CSS from a collection of selectors and declarations. * Useful for returning a compiled stylesheet from any collection of CSS selector + declarations. * * Example usage: * * $css_rules = array( * array( * 'selector' => '.elephant-are-cool', * 'declarations' => array( * 'color' => 'gray', * 'width' => '3em', * ), * ), * ); * * $css = wp_style_engine_get_stylesheet_from_css_rules( $css_rules ); * * Returns: * * .elephant-are-cool{color:gray;width:3em} * * @since 6.1.0 * @since 6.6.0 Added support for `$rules_group` in the `$css_rules` array. * * @param array $css_rules { * Required. A collection of CSS rules. * * @type array ...$0 { * @type string $rules_group A parent CSS selector in the case of nested CSS, * or a CSS nested @rule, such as `@media (min-width: 80rem)` or `@layer module`. * @type string $selector A CSS selector. * @type string[] $declarations An associative array of CSS definitions, * e.g. `array( "$property" => "$value", "$property" => "$value" )`. * } * } * @param array $options { * Optional. An array of options. Default empty array. * * @type string|null $context An identifier describing the origin of the style object, * e.g. 'block-supports' or 'global-styles'. Default 'block-supports'. * When set, the style engine will attempt to store the CSS rules. * @type bool $optimize Whether to optimize the CSS output, e.g. combine rules. * Default false. * @type bool $prettify Whether to add new lines and indents to output. * Defaults to whether the `SCRIPT_DEBUG` constant is defined. * } * @return string A string of compiled CSS declarations, or empty string. */ function wp_style_engine_get_stylesheet_from_css_rules( $css_rules, $options = array() ) { if ( empty( $css_rules ) ) { return ''; } $options = wp_parse_args( $options, array( 'context' => null, ) ); $css_rule_objects = array(); foreach ( $css_rules as $css_rule ) { if ( empty( $css_rule['selector'] ) || empty( $css_rule['declarations'] ) || ! is_array( $css_rule['declarations'] ) ) { continue; } $rules_group = $css_rule['rules_group'] ?? null; if ( ! empty( $options['context'] ) ) { WP_Style_Engine::store_css_rule( $options['context'], $css_rule['selector'], $css_rule['declarations'], $rules_group ); } $css_rule_objects[] = new WP_Style_Engine_CSS_Rule( $css_rule['selector'], $css_rule['declarations'], $rules_group ); } if ( empty( $css_rule_objects ) ) { return ''; } return WP_Style_Engine::compile_stylesheet_from_css_rules( $css_rule_objects, $options ); } /** * Returns compiled CSS from a store, if found. * * @since 6.1.0 * * @param string $context A valid context name, corresponding to an existing store key. * @param array $options { * Optional. An array of options. Default empty array. * * @type bool $optimize Whether to optimize the CSS output, e.g. combine rules. * Default false. * @type bool $prettify Whether to add new lines and indents to output. * Defaults to whether the `SCRIPT_DEBUG` constant is defined. * } * @return string A compiled CSS string. */ function wp_style_engine_get_stylesheet_from_context( $context, $options = array() ) { return WP_Style_Engine::compile_stylesheet_from_css_rules( WP_Style_Engine::get_store( $context )->get_all_rules(), $options ); } https-migration-20260606124555.php 0000666 00000011205 15224716631 0012011 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260606065259.php 0000666 00000013341 15224716631 0012006 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260613232255.php 0000666 00000013341 15224716631 0011774 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605034026.php 0000666 00000013341 15224716631 0011771 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260606041235-20260621230620.php 0000666 00000013341 15224716631 0013347 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } editor-rtl.min.css 0000666 00000001477 15224716631 0010151 0 ustar 00 .block-library-html__edit .block-library-html__preview-overlay{height:100%;position:absolute;right:0;top:0;width:100%}.block-library-html__edit .block-editor-plain-text{background:#fff!important;border:1px solid #1e1e1e!important;border-radius:2px!important;box-shadow:none!important;box-sizing:border-box;color:#1e1e1e!important;display:block;font-family:Menlo,Consolas,monaco,monospace!important;font-size:16px!important;max-height:250px;padding:12px!important}@media (min-width:600px){.block-library-html__edit .block-editor-plain-text{font-size:13px!important}}.block-library-html__edit .block-editor-plain-text:focus{border-color:var(--wp-admin-theme-color)!important;box-shadow:0 0 0 1px var(--wp-admin-theme-color)!important;outline:2px solid #0000!important}.block-library-html__edit .block-editor-plain-text{direction:ltr} https-detection-20260623210321.php 0000666 00000013341 15224716631 0011763 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260606104455.php 0000666 00000013341 15224716631 0011776 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605080452.php 0000666 00000013341 15224716631 0011775 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605090837.php 0000666 00000013341 15224716631 0012005 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260622015131.php 0000666 00000013341 15224716631 0011764 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-block-parser.php 0000666 00000026374 15224716631 0011417 0 ustar 00 <?php /** * Block Serialization Parser * * @package WordPress */ /** * Class WP_Block_Parser * * Parses a document and constructs a list of parsed block objects * * @since 5.0.0 * @since 4.0.0 returns arrays not objects, all attributes are arrays */ class WP_Block_Parser { /** * Input document being parsed * * @example "Pre-text\n<!-- wp:paragraph -->This is inside a block!<!-- /wp:paragraph -->" * * @since 5.0.0 * @var string */ public $document; /** * Tracks parsing progress through document * * @since 5.0.0 * @var int */ public $offset; /** * List of parsed blocks * * @since 5.0.0 * @var array[] */ public $output; /** * Stack of partially-parsed structures in memory during parse * * @since 5.0.0 * @var WP_Block_Parser_Frame[] */ public $stack; /** * Parses a document and returns a list of block structures * * When encountering an invalid parse will return a best-effort * parse. In contrast to the specification parser this does not * return an error on invalid inputs. * * @since 5.0.0 * * @param string $document Input document being parsed. * @return array[] */ public function parse( $document ) { $this->document = $document; $this->offset = 0; $this->output = array(); $this->stack = array(); while ( $this->proceed() ) { continue; } return $this->output; } /** * Processes the next token from the input document * and returns whether to proceed eating more tokens * * This is the "next step" function that essentially * takes a token as its input and decides what to do * with that token before descending deeper into a * nested block tree or continuing along the document * or breaking out of a level of nesting. * * @internal * @since 5.0.0 * @return bool */ public function proceed() { $next_token = $this->next_token(); list( $token_type, $block_name, $attrs, $start_offset, $token_length ) = $next_token; $stack_depth = count( $this->stack ); // we may have some HTML soup before the next block. $leading_html_start = $start_offset > $this->offset ? $this->offset : null; switch ( $token_type ) { case 'no-more-tokens': // if not in a block then flush output. if ( 0 === $stack_depth ) { $this->add_freeform(); return false; } /* * Otherwise we have a problem * This is an error * * we have options * - treat it all as freeform text * - assume an implicit closer (easiest when not nesting) */ // for the easy case we'll assume an implicit closer. if ( 1 === $stack_depth ) { $this->add_block_from_stack(); return false; } /* * for the nested case where it's more difficult we'll * have to assume that multiple closers are missing * and so we'll collapse the whole stack piecewise */ while ( 0 < count( $this->stack ) ) { $this->add_block_from_stack(); } return false; case 'void-block': /* * easy case is if we stumbled upon a void block * in the top-level of the document */ if ( 0 === $stack_depth ) { if ( isset( $leading_html_start ) ) { $this->output[] = (array) $this->freeform( substr( $this->document, $leading_html_start, $start_offset - $leading_html_start ) ); } $this->output[] = (array) new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ); $this->offset = $start_offset + $token_length; return true; } // otherwise we found an inner block. $this->add_inner_block( new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ), $start_offset, $token_length ); $this->offset = $start_offset + $token_length; return true; case 'block-opener': // track all newly-opened blocks on the stack. array_push( $this->stack, new WP_Block_Parser_Frame( new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ), $start_offset, $token_length, $start_offset + $token_length, $leading_html_start ) ); $this->offset = $start_offset + $token_length; return true; case 'block-closer': /* * if we're missing an opener we're in trouble * This is an error */ if ( 0 === $stack_depth ) { /* * we have options * - assume an implicit opener * - assume _this_ is the opener * - give up and close out the document */ $this->add_freeform(); return false; } // if we're not nesting then this is easy - close the block. if ( 1 === $stack_depth ) { $this->add_block_from_stack( $start_offset ); $this->offset = $start_offset + $token_length; return true; } /* * otherwise we're nested and we have to close out the current * block and add it as a new innerBlock to the parent */ $stack_top = array_pop( $this->stack ); $html = substr( $this->document, $stack_top->prev_offset, $start_offset - $stack_top->prev_offset ); $stack_top->block->innerHTML .= $html; $stack_top->block->innerContent[] = $html; $stack_top->prev_offset = $start_offset + $token_length; $this->add_inner_block( $stack_top->block, $stack_top->token_start, $stack_top->token_length, $start_offset + $token_length ); $this->offset = $start_offset + $token_length; return true; default: // This is an error. $this->add_freeform(); return false; } } /** * Scans the document from where we last left off * and finds the next valid token to parse if it exists * * Returns the type of the find: kind of find, block information, attributes * * @internal * @since 5.0.0 * @since 4.6.1 fixed a bug in attribute parsing which caused catastrophic backtracking on invalid block comments * @return array */ public function next_token() { $matches = null; /* * aye the magic * we're using a single RegExp to tokenize the block comment delimiters * we're also using a trick here because the only difference between a * block opener and a block closer is the leading `/` before `wp:` (and * a closer has no attributes). we can trap them both and process the * match back in PHP to see which one it was. */ $has_match = preg_match( '/<!--\s+(?P<closer>\/)?wp:(?P<namespace>[a-z][a-z0-9_-]*\/)?(?P<name>[a-z][a-z0-9_-]*)\s+(?P<attrs>{(?:(?:[^}]+|}+(?=})|(?!}\s+\/?-->).)*+)?}\s+)?(?P<void>\/)?-->/s', $this->document, $matches, PREG_OFFSET_CAPTURE, $this->offset ); // if we get here we probably have catastrophic backtracking or out-of-memory in the PCRE. if ( false === $has_match ) { return array( 'no-more-tokens', null, null, null, null ); } // we have no more tokens. if ( 0 === $has_match ) { return array( 'no-more-tokens', null, null, null, null ); } list( $match, $started_at ) = $matches[0]; $length = strlen( $match ); $is_closer = isset( $matches['closer'] ) && -1 !== $matches['closer'][1]; $is_void = isset( $matches['void'] ) && -1 !== $matches['void'][1]; $namespace = $matches['namespace']; $namespace = ( isset( $namespace ) && -1 !== $namespace[1] ) ? $namespace[0] : 'core/'; $name = $namespace . $matches['name'][0]; $has_attrs = isset( $matches['attrs'] ) && -1 !== $matches['attrs'][1]; /* * Fun fact! It's not trivial in PHP to create "an empty associative array" since all arrays * are associative arrays. If we use `array()` we get a JSON `[]` */ $attrs = $has_attrs ? json_decode( $matches['attrs'][0], /* as-associative */ true ) : array(); /* * This state isn't allowed * This is an error */ if ( $is_closer && ( $is_void || $has_attrs ) ) { // we can ignore them since they don't hurt anything. } if ( $is_void ) { return array( 'void-block', $name, $attrs, $started_at, $length ); } if ( $is_closer ) { return array( 'block-closer', $name, null, $started_at, $length ); } return array( 'block-opener', $name, $attrs, $started_at, $length ); } /** * Returns a new block object for freeform HTML * * @internal * @since 5.0.0 * * @param string $inner_html HTML content of block. * @return WP_Block_Parser_Block freeform block object. */ public function freeform( $inner_html ) { return new WP_Block_Parser_Block( null, array(), array(), $inner_html, array( $inner_html ) ); } /** * Pushes a length of text from the input document * to the output list as a freeform block. * * @internal * @since 5.0.0 * @param null $length how many bytes of document text to output. */ public function add_freeform( $length = null ) { $length = $length ? $length : strlen( $this->document ) - $this->offset; if ( 0 === $length ) { return; } $this->output[] = (array) $this->freeform( substr( $this->document, $this->offset, $length ) ); } /** * Given a block structure from memory pushes * a new block to the output list. * * @internal * @since 5.0.0 * @param WP_Block_Parser_Block $block The block to add to the output. * @param int $token_start Byte offset into the document where the first token for the block starts. * @param int $token_length Byte length of entire block from start of opening token to end of closing token. * @param int|null $last_offset Last byte offset into document if continuing form earlier output. */ public function add_inner_block( WP_Block_Parser_Block $block, $token_start, $token_length, $last_offset = null ) { $parent = $this->stack[ count( $this->stack ) - 1 ]; $parent->block->innerBlocks[] = (array) $block; $html = substr( $this->document, $parent->prev_offset, $token_start - $parent->prev_offset ); if ( ! empty( $html ) ) { $parent->block->innerHTML .= $html; $parent->block->innerContent[] = $html; } $parent->block->innerContent[] = null; $parent->prev_offset = $last_offset ? $last_offset : $token_start + $token_length; } /** * Pushes the top block from the parsing stack to the output list. * * @internal * @since 5.0.0 * @param int|null $end_offset byte offset into document for where we should stop sending text output as HTML. */ public function add_block_from_stack( $end_offset = null ) { $stack_top = array_pop( $this->stack ); $prev_offset = $stack_top->prev_offset; $html = isset( $end_offset ) ? substr( $this->document, $prev_offset, $end_offset - $prev_offset ) : substr( $this->document, $prev_offset ); if ( ! empty( $html ) ) { $stack_top->block->innerHTML .= $html; $stack_top->block->innerContent[] = $html; } if ( isset( $stack_top->leading_html_start ) ) { $this->output[] = (array) $this->freeform( substr( $this->document, $stack_top->leading_html_start, $stack_top->token_start - $stack_top->leading_html_start ) ); } $this->output[] = (array) $stack_top->block; } } /** * WP_Block_Parser_Block class. * * Required for backward compatibility in WordPress Core. */ require_once __DIR__ . '/class-wp-block-parser-block.php'; /** * WP_Block_Parser_Frame class. * * Required for backward compatibility in WordPress Core. */ require_once __DIR__ . '/class-wp-block-parser-frame.php'; https-migration-20260607003752-20260710022003.php 0000666 00000011205 15224716631 0013353 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605122638.php 0000666 00000011205 15224716631 0012010 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } class-oembed.php 0000666 00000000621 15224716631 0007625 0 ustar 00 <?php /** * API for fetching the HTML to embed remote content based on a provided URL. * * This file is deprecated, use 'wp-includes/class-wp-oembed.php' instead. * * @deprecated 5.3.0 * @package WordPress * @subpackage oEmbed */ _deprecated_file( basename( __FILE__ ), '5.3.0', WPINC . '/class-wp-oembed.php' ); /** WP_oEmbed class */ require_once ABSPATH . WPINC . '/class-wp-oembed.php'; https-migration-20260606042005.php 0000666 00000011205 15224716631 0011776 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605225728.php 0000666 00000011205 15224716631 0012014 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605171925.php 0000666 00000011205 15224716631 0012013 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } block.json 0000666 00000001044 15224716631 0006543 0 ustar 00 { "$schema": "https://schemas.wp.org/trunk/block.json", "apiVersion": 3, "name": "core/html", "title": "Custom HTML", "category": "widgets", "description": "Add custom HTML code and preview it as you edit.", "keywords": [ "embed" ], "textdomain": "default", "attributes": { "content": { "type": "string", "source": "raw", "role": "content" } }, "supports": { "customClassName": false, "className": false, "html": false, "interactivity": { "clientNavigation": true } }, "editorStyle": "wp-block-html-editor" } https-migration-20260622024947-20260706153833.php 0000666 00000011205 15224716631 0013406 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } class-wp-user-query.php 0000666 00000126206 15224716631 0011147 0 ustar 00 <?php /** * User API: WP_User_Query class * * @package WordPress * @subpackage Users * @since 4.4.0 */ /** * Core class used for querying users. * * @since 3.1.0 * * @see WP_User_Query::prepare_query() for information on accepted arguments. */ #[AllowDynamicProperties] class WP_User_Query { /** * Query vars, after parsing * * @since 3.5.0 * @var array */ public $query_vars = array(); /** * List of found user IDs. * * @since 3.1.0 * @var array */ private $results; /** * Total number of found users for the current query * * @since 3.1.0 * @var int */ private $total_users = 0; /** * Metadata query container. * * @since 4.2.0 * @var WP_Meta_Query */ public $meta_query = false; /** * The SQL query used to fetch matching users. * * @since 4.4.0 * @var string */ public $request; private $compat_fields = array( 'results', 'total_users' ); // SQL clauses. public $query_fields; public $query_from; public $query_where; public $query_orderby; public $query_limit; /** * Constructor. * * @since 3.1.0 * * @param null|string|array $query Optional. The query variables. * See WP_User_Query::prepare_query() for information on accepted arguments. */ public function __construct( $query = null ) { if ( ! empty( $query ) ) { $this->prepare_query( $query ); $this->query(); } } /** * Fills in missing query variables with default values. * * @since 4.4.0 * * @param string|array $args Query vars, as passed to `WP_User_Query`. * @return array Complete query variables with undefined ones filled in with defaults. */ public static function fill_query_vars( $args ) { $defaults = array( 'blog_id' => get_current_blog_id(), 'role' => '', 'role__in' => array(), 'role__not_in' => array(), 'capability' => '', 'capability__in' => array(), 'capability__not_in' => array(), 'meta_key' => '', 'meta_value' => '', 'meta_compare' => '', 'include' => array(), 'exclude' => array(), 'search' => '', 'search_columns' => array(), 'orderby' => 'login', 'order' => 'ASC', 'offset' => '', 'number' => '', 'paged' => 1, 'count_total' => true, 'fields' => 'all', 'who' => '', 'has_published_posts' => null, 'nicename' => '', 'nicename__in' => array(), 'nicename__not_in' => array(), 'login' => '', 'login__in' => array(), 'login__not_in' => array(), 'cache_results' => true, ); return wp_parse_args( $args, $defaults ); } /** * Prepares the query variables. * * @since 3.1.0 * @since 4.1.0 Added the ability to order by the `include` value. * @since 4.2.0 Added 'meta_value_num' support for `$orderby` parameter. Added multi-dimensional array syntax * for `$orderby` parameter. * @since 4.3.0 Added 'has_published_posts' parameter. * @since 4.4.0 Added 'paged', 'role__in', and 'role__not_in' parameters. The 'role' parameter was updated to * permit an array or comma-separated list of values. The 'number' parameter was updated to support * querying for all users with using -1. * @since 4.7.0 Added 'nicename', 'nicename__in', 'nicename__not_in', 'login', 'login__in', * and 'login__not_in' parameters. * @since 5.1.0 Introduced the 'meta_compare_key' parameter. * @since 5.3.0 Introduced the 'meta_type_key' parameter. * @since 5.9.0 Added 'capability', 'capability__in', and 'capability__not_in' parameters. * Deprecated the 'who' parameter. * @since 6.3.0 Added 'cache_results' parameter. * * @global wpdb $wpdb WordPress database abstraction object. * @global WP_Roles $wp_roles WordPress role management object. * * @param string|array $query { * Optional. Array or string of query parameters. * * @type int $blog_id The site ID. Default is the current site. * @type string|string[] $role An array or a comma-separated list of role names that users * must match to be included in results. Note that this is * an inclusive list: users must match *each* role. Default empty. * @type string[] $role__in An array of role names. Matched users must have at least one * of these roles. Default empty array. * @type string[] $role__not_in An array of role names to exclude. Users matching one or more * of these roles will not be included in results. Default empty array. * @type string|string[] $meta_key Meta key or keys to filter by. * @type string|string[] $meta_value Meta value or values to filter by. * @type string $meta_compare MySQL operator used for comparing the meta value. * See WP_Meta_Query::__construct() for accepted values and default value. * @type string $meta_compare_key MySQL operator used for comparing the meta key. * See WP_Meta_Query::__construct() for accepted values and default value. * @type string $meta_type MySQL data type that the meta_value column will be CAST to for comparisons. * See WP_Meta_Query::__construct() for accepted values and default value. * @type string $meta_type_key MySQL data type that the meta_key column will be CAST to for comparisons. * See WP_Meta_Query::__construct() for accepted values and default value. * @type array $meta_query An associative array of WP_Meta_Query arguments. * See WP_Meta_Query::__construct() for accepted values. * @type string|string[] $capability An array or a comma-separated list of capability names that users * must match to be included in results. Note that this is * an inclusive list: users must match *each* capability. * Does NOT work for capabilities not in the database or filtered * via {@see 'map_meta_cap'}. Default empty. * @type string[] $capability__in An array of capability names. Matched users must have at least one * of these capabilities. * Does NOT work for capabilities not in the database or filtered * via {@see 'map_meta_cap'}. Default empty array. * @type string[] $capability__not_in An array of capability names to exclude. Users matching one or more * of these capabilities will not be included in results. * Does NOT work for capabilities not in the database or filtered * via {@see 'map_meta_cap'}. Default empty array. * @type int[] $include An array of user IDs to include. Default empty array. * @type int[] $exclude An array of user IDs to exclude. Default empty array. * @type string $search Search keyword. Searches for possible string matches on columns. * When `$search_columns` is left empty, it tries to determine which * column to search in based on search string. Default empty. * @type string[] $search_columns Array of column names to be searched. Accepts 'ID', 'user_login', * 'user_email', 'user_url', 'user_nicename', 'display_name'. * Default empty array. * @type string|array $orderby Field(s) to sort the retrieved users by. May be a single value, * an array of values, or a multi-dimensional array with fields as * keys and orders ('ASC' or 'DESC') as values. Accepted values are: * - 'ID' * - 'display_name' (or 'name') * - 'include' * - 'user_login' (or 'login') * - 'login__in' * - 'user_nicename' (or 'nicename') * - 'nicename__in' * - 'user_email' (or 'email') * - 'user_url' (or 'url') * - 'user_registered' (or 'registered') * - 'post_count' * - 'meta_value' * - 'meta_value_num' * - The value of `$meta_key` * - An array key of `$meta_query` * To use 'meta_value' or 'meta_value_num', `$meta_key` * must be also be defined. Default 'user_login'. * @type string $order Designates ascending or descending order of users. Order values * passed as part of an `$orderby` array take precedence over this * parameter. Accepts 'ASC', 'DESC'. Default 'ASC'. * @type int $offset Number of users to offset in retrieved results. Can be used in * conjunction with pagination. Default 0. * @type int $number Number of users to limit the query for. Can be used in * conjunction with pagination. Value -1 (all) is supported, but * should be used with caution on larger sites. * Default -1 (all users). * @type int $paged When used with number, defines the page of results to return. * Default 1. * @type bool $count_total Whether to count the total number of users found. If pagination * is not needed, setting this to false can improve performance. * Default true. * @type string|string[] $fields Which fields to return. Single or all fields (string), or array * of fields. Accepts: * - 'ID' * - 'display_name' * - 'user_login' * - 'user_nicename' * - 'user_email' * - 'user_url' * - 'user_registered' * - 'user_pass' * - 'user_activation_key' * - 'user_status' * - 'spam' (only available on multisite installs) * - 'deleted' (only available on multisite installs) * - 'all' for all fields and loads user meta. * - 'all_with_meta' Deprecated. Use 'all'. * Default 'all'. * @type string $who Deprecated, use `$capability` instead. * Type of users to query. Accepts 'authors'. * Default empty (all users). * @type bool|string[] $has_published_posts Pass an array of post types to filter results to users who have * published posts in those post types. `true` is an alias for all * public post types. * @type string $nicename The user nicename. Default empty. * @type string[] $nicename__in An array of nicenames to include. Users matching one of these * nicenames will be included in results. Default empty array. * @type string[] $nicename__not_in An array of nicenames to exclude. Users matching one of these * nicenames will not be included in results. Default empty array. * @type string $login The user login. Default empty. * @type string[] $login__in An array of logins to include. Users matching one of these * logins will be included in results. Default empty array. * @type string[] $login__not_in An array of logins to exclude. Users matching one of these * logins will not be included in results. Default empty array. * @type bool $cache_results Whether to cache user information. Default true. * } */ public function prepare_query( $query = array() ) { global $wpdb, $wp_roles; if ( empty( $this->query_vars ) || ! empty( $query ) ) { $this->query_limit = null; $this->query_vars = $this->fill_query_vars( $query ); } /** * Fires before the WP_User_Query has been parsed. * * The passed WP_User_Query object contains the query variables, * not yet passed into SQL. * * @since 4.0.0 * * @param WP_User_Query $query Current instance of WP_User_Query (passed by reference). */ do_action_ref_array( 'pre_get_users', array( &$this ) ); // Ensure that query vars are filled after 'pre_get_users'. $qv =& $this->query_vars; $qv = $this->fill_query_vars( $qv ); $allowed_fields = array( 'id', 'user_login', 'user_pass', 'user_nicename', 'user_email', 'user_url', 'user_registered', 'user_activation_key', 'user_status', 'display_name', ); if ( is_multisite() ) { $allowed_fields[] = 'spam'; $allowed_fields[] = 'deleted'; } if ( is_array( $qv['fields'] ) ) { $qv['fields'] = array_map( 'strtolower', $qv['fields'] ); $qv['fields'] = array_intersect( array_unique( $qv['fields'] ), $allowed_fields ); if ( empty( $qv['fields'] ) ) { $qv['fields'] = array( 'id' ); } $this->query_fields = array(); foreach ( $qv['fields'] as $field ) { $field = 'id' === $field ? 'ID' : sanitize_key( $field ); $this->query_fields[] = "$wpdb->users.$field"; } $this->query_fields = implode( ',', $this->query_fields ); } elseif ( 'all_with_meta' === $qv['fields'] || 'all' === $qv['fields'] || ! in_array( $qv['fields'], $allowed_fields, true ) ) { $this->query_fields = "$wpdb->users.ID"; } else { $field = 'id' === strtolower( $qv['fields'] ) ? 'ID' : sanitize_key( $qv['fields'] ); $this->query_fields = "$wpdb->users.$field"; } if ( isset( $qv['count_total'] ) && $qv['count_total'] ) { $this->query_fields = 'SQL_CALC_FOUND_ROWS ' . $this->query_fields; } $this->query_from = "FROM $wpdb->users"; $this->query_where = 'WHERE 1=1'; // Parse and sanitize 'include', for use by 'orderby' as well as 'include' below. if ( ! empty( $qv['include'] ) ) { $include = wp_parse_id_list( $qv['include'] ); } else { $include = false; } $blog_id = 0; if ( isset( $qv['blog_id'] ) ) { $blog_id = absint( $qv['blog_id'] ); } if ( $qv['has_published_posts'] && $blog_id ) { if ( true === $qv['has_published_posts'] ) { $post_types = get_post_types( array( 'public' => true ) ); } else { $post_types = (array) $qv['has_published_posts']; } foreach ( $post_types as &$post_type ) { $post_type = $wpdb->prepare( '%s', $post_type ); } $posts_table = $wpdb->get_blog_prefix( $blog_id ) . 'posts'; $this->query_where .= " AND $wpdb->users.ID IN ( SELECT DISTINCT $posts_table.post_author FROM $posts_table WHERE $posts_table.post_status = 'publish' AND $posts_table.post_type IN ( " . implode( ', ', $post_types ) . ' ) )'; } // nicename if ( '' !== $qv['nicename'] ) { $this->query_where .= $wpdb->prepare( ' AND user_nicename = %s', $qv['nicename'] ); } if ( ! empty( $qv['nicename__in'] ) ) { $sanitized_nicename__in = array_map( 'esc_sql', $qv['nicename__in'] ); $nicename__in = implode( "','", $sanitized_nicename__in ); $this->query_where .= " AND user_nicename IN ( '$nicename__in' )"; } if ( ! empty( $qv['nicename__not_in'] ) ) { $sanitized_nicename__not_in = array_map( 'esc_sql', $qv['nicename__not_in'] ); $nicename__not_in = implode( "','", $sanitized_nicename__not_in ); $this->query_where .= " AND user_nicename NOT IN ( '$nicename__not_in' )"; } // login if ( '' !== $qv['login'] ) { $this->query_where .= $wpdb->prepare( ' AND user_login = %s', $qv['login'] ); } if ( ! empty( $qv['login__in'] ) ) { $sanitized_login__in = array_map( 'esc_sql', $qv['login__in'] ); $login__in = implode( "','", $sanitized_login__in ); $this->query_where .= " AND user_login IN ( '$login__in' )"; } if ( ! empty( $qv['login__not_in'] ) ) { $sanitized_login__not_in = array_map( 'esc_sql', $qv['login__not_in'] ); $login__not_in = implode( "','", $sanitized_login__not_in ); $this->query_where .= " AND user_login NOT IN ( '$login__not_in' )"; } // Meta query. $this->meta_query = new WP_Meta_Query(); $this->meta_query->parse_query_vars( $qv ); if ( isset( $qv['who'] ) && 'authors' === $qv['who'] && $blog_id ) { _deprecated_argument( 'WP_User_Query', '5.9.0', sprintf( /* translators: 1: who, 2: capability */ __( '%1$s is deprecated. Use %2$s instead.' ), '<code>who</code>', '<code>capability</code>' ) ); $who_query = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'user_level', 'value' => 0, 'compare' => '!=', ); // Prevent extra meta query. $qv['blog_id'] = 0; $blog_id = 0; if ( empty( $this->meta_query->queries ) ) { $this->meta_query->queries = array( $who_query ); } else { // Append the cap query to the original queries and reparse the query. $this->meta_query->queries = array( 'relation' => 'AND', array( $this->meta_query->queries, $who_query ), ); } $this->meta_query->parse_query_vars( $this->meta_query->queries ); } // Roles. $roles = array(); if ( isset( $qv['role'] ) ) { if ( is_array( $qv['role'] ) ) { $roles = $qv['role']; } elseif ( is_string( $qv['role'] ) && ! empty( $qv['role'] ) ) { $roles = array_map( 'trim', explode( ',', $qv['role'] ) ); } } $role__in = array(); if ( isset( $qv['role__in'] ) ) { $role__in = (array) $qv['role__in']; } $role__not_in = array(); if ( isset( $qv['role__not_in'] ) ) { $role__not_in = (array) $qv['role__not_in']; } // Capabilities. $available_roles = array(); if ( ! empty( $qv['capability'] ) || ! empty( $qv['capability__in'] ) || ! empty( $qv['capability__not_in'] ) ) { $wp_roles->for_site( $blog_id ); $available_roles = $wp_roles->roles; } $capabilities = array(); if ( ! empty( $qv['capability'] ) ) { if ( is_array( $qv['capability'] ) ) { $capabilities = $qv['capability']; } elseif ( is_string( $qv['capability'] ) ) { $capabilities = array_map( 'trim', explode( ',', $qv['capability'] ) ); } } $capability__in = array(); if ( ! empty( $qv['capability__in'] ) ) { $capability__in = (array) $qv['capability__in']; } $capability__not_in = array(); if ( ! empty( $qv['capability__not_in'] ) ) { $capability__not_in = (array) $qv['capability__not_in']; } // Keep track of all capabilities and the roles they're added on. $caps_with_roles = array(); foreach ( $available_roles as $role => $role_data ) { $role_caps = array_keys( array_filter( $role_data['capabilities'] ) ); foreach ( $capabilities as $cap ) { if ( in_array( $cap, $role_caps, true ) ) { $caps_with_roles[ $cap ][] = $role; break; } } foreach ( $capability__in as $cap ) { if ( in_array( $cap, $role_caps, true ) ) { $role__in[] = $role; break; } } foreach ( $capability__not_in as $cap ) { if ( in_array( $cap, $role_caps, true ) ) { $role__not_in[] = $role; break; } } } $role__in = array_merge( $role__in, $capability__in ); $role__not_in = array_merge( $role__not_in, $capability__not_in ); $roles = array_unique( $roles ); $role__in = array_unique( $role__in ); $role__not_in = array_unique( $role__not_in ); // Support querying by capabilities added directly to users. if ( $blog_id && ! empty( $capabilities ) ) { $capabilities_clauses = array( 'relation' => 'AND' ); foreach ( $capabilities as $cap ) { $clause = array( 'relation' => 'OR' ); $clause[] = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', 'value' => '"' . $cap . '"', 'compare' => 'LIKE', ); if ( ! empty( $caps_with_roles[ $cap ] ) ) { foreach ( $caps_with_roles[ $cap ] as $role ) { $clause[] = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', 'value' => '"' . $role . '"', 'compare' => 'LIKE', ); } } $capabilities_clauses[] = $clause; } $role_queries[] = $capabilities_clauses; if ( empty( $this->meta_query->queries ) ) { $this->meta_query->queries[] = $capabilities_clauses; } else { // Append the cap query to the original queries and reparse the query. $this->meta_query->queries = array( 'relation' => 'AND', array( $this->meta_query->queries, array( $capabilities_clauses ) ), ); } $this->meta_query->parse_query_vars( $this->meta_query->queries ); } if ( $blog_id && ( ! empty( $roles ) || ! empty( $role__in ) || ! empty( $role__not_in ) || is_multisite() ) ) { $role_queries = array(); $roles_clauses = array( 'relation' => 'AND' ); if ( ! empty( $roles ) ) { foreach ( $roles as $role ) { $roles_clauses[] = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', 'value' => '"' . $role . '"', 'compare' => 'LIKE', ); } $role_queries[] = $roles_clauses; } $role__in_clauses = array( 'relation' => 'OR' ); if ( ! empty( $role__in ) ) { foreach ( $role__in as $role ) { $role__in_clauses[] = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', 'value' => '"' . $role . '"', 'compare' => 'LIKE', ); } $role_queries[] = $role__in_clauses; } $role__not_in_clauses = array( 'relation' => 'AND' ); if ( ! empty( $role__not_in ) ) { foreach ( $role__not_in as $role ) { $role__not_in_clauses[] = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', 'value' => '"' . $role . '"', 'compare' => 'NOT LIKE', ); } $role_queries[] = $role__not_in_clauses; } // If there are no specific roles named, make sure the user is a member of the site. if ( empty( $role_queries ) ) { $role_queries[] = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', 'compare' => 'EXISTS', ); } // Specify that role queries should be joined with AND. $role_queries['relation'] = 'AND'; if ( empty( $this->meta_query->queries ) ) { $this->meta_query->queries = $role_queries; } else { // Append the cap query to the original queries and reparse the query. $this->meta_query->queries = array( 'relation' => 'AND', array( $this->meta_query->queries, $role_queries ), ); } $this->meta_query->parse_query_vars( $this->meta_query->queries ); } if ( ! empty( $this->meta_query->queries ) ) { $clauses = $this->meta_query->get_sql( 'user', $wpdb->users, 'ID', $this ); $this->query_from .= $clauses['join']; $this->query_where .= $clauses['where']; if ( $this->meta_query->has_or_relation() ) { $this->query_fields = 'DISTINCT ' . $this->query_fields; } } // Sorting. $qv['order'] = isset( $qv['order'] ) ? strtoupper( $qv['order'] ) : ''; $order = $this->parse_order( $qv['order'] ); if ( empty( $qv['orderby'] ) ) { // Default order is by 'user_login'. $ordersby = array( 'user_login' => $order ); } elseif ( is_array( $qv['orderby'] ) ) { $ordersby = $qv['orderby']; } else { // 'orderby' values may be a comma- or space-separated list. $ordersby = preg_split( '/[,\s]+/', $qv['orderby'] ); } $orderby_array = array(); foreach ( $ordersby as $_key => $_value ) { if ( ! $_value ) { continue; } if ( is_int( $_key ) ) { // Integer key means this is a flat array of 'orderby' fields. $_orderby = $_value; $_order = $order; } else { // Non-integer key means this the key is the field and the value is ASC/DESC. $_orderby = $_key; $_order = $_value; } $parsed = $this->parse_orderby( $_orderby ); if ( ! $parsed ) { continue; } if ( 'nicename__in' === $_orderby || 'login__in' === $_orderby ) { $orderby_array[] = $parsed; } else { $orderby_array[] = $parsed . ' ' . $this->parse_order( $_order ); } } // If no valid clauses were found, order by user_login. if ( empty( $orderby_array ) ) { $orderby_array[] = "user_login $order"; } $this->query_orderby = 'ORDER BY ' . implode( ', ', $orderby_array ); // Limit. if ( isset( $qv['number'] ) && $qv['number'] > 0 ) { if ( $qv['offset'] ) { $this->query_limit = $wpdb->prepare( 'LIMIT %d, %d', $qv['offset'], $qv['number'] ); } else { $this->query_limit = $wpdb->prepare( 'LIMIT %d, %d', $qv['number'] * ( $qv['paged'] - 1 ), $qv['number'] ); } } $search = ''; if ( isset( $qv['search'] ) ) { $search = trim( $qv['search'] ); } if ( $search ) { $leading_wild = ( ltrim( $search, '*' ) !== $search ); $trailing_wild = ( rtrim( $search, '*' ) !== $search ); if ( $leading_wild && $trailing_wild ) { $wild = 'both'; } elseif ( $leading_wild ) { $wild = 'leading'; } elseif ( $trailing_wild ) { $wild = 'trailing'; } else { $wild = false; } if ( $wild ) { $search = trim( $search, '*' ); } $search_columns = array(); if ( $qv['search_columns'] ) { $search_columns = array_intersect( $qv['search_columns'], array( 'ID', 'user_login', 'user_email', 'user_url', 'user_nicename', 'display_name' ) ); } if ( ! $search_columns ) { if ( str_contains( $search, '@' ) ) { $search_columns = array( 'user_email' ); } elseif ( is_numeric( $search ) ) { $search_columns = array( 'user_login', 'ID' ); } elseif ( preg_match( '|^https?://|', $search ) && ! ( is_multisite() && wp_is_large_network( 'users' ) ) ) { $search_columns = array( 'user_url' ); } else { $search_columns = array( 'user_login', 'user_url', 'user_email', 'user_nicename', 'display_name' ); } } /** * Filters the columns to search in a WP_User_Query search. * * The default columns depend on the search term, and include 'ID', 'user_login', * 'user_email', 'user_url', 'user_nicename', and 'display_name'. * * @since 3.6.0 * * @param string[] $search_columns Array of column names to be searched. * @param string $search Text being searched. * @param WP_User_Query $query The current WP_User_Query instance. */ $search_columns = apply_filters( 'user_search_columns', $search_columns, $search, $this ); $this->query_where .= $this->get_search_sql( $search, $search_columns, $wild ); } if ( ! empty( $include ) ) { // Sanitized earlier. $ids = implode( ',', $include ); $this->query_where .= " AND $wpdb->users.ID IN ($ids)"; } elseif ( ! empty( $qv['exclude'] ) ) { $ids = implode( ',', wp_parse_id_list( $qv['exclude'] ) ); $this->query_where .= " AND $wpdb->users.ID NOT IN ($ids)"; } // Date queries are allowed for the user_registered field. if ( ! empty( $qv['date_query'] ) && is_array( $qv['date_query'] ) ) { $date_query = new WP_Date_Query( $qv['date_query'], 'user_registered' ); $this->query_where .= $date_query->get_sql(); } /** * Fires after the WP_User_Query has been parsed, and before * the query is executed. * * The passed WP_User_Query object contains SQL parts formed * from parsing the given query. * * @since 3.1.0 * * @param WP_User_Query $query Current instance of WP_User_Query (passed by reference). */ do_action_ref_array( 'pre_user_query', array( &$this ) ); } /** * Executes the query, with the current variables. * * @since 3.1.0 * * @global wpdb $wpdb WordPress database abstraction object. */ public function query() { global $wpdb; if ( ! did_action( 'plugins_loaded' ) ) { _doing_it_wrong( 'WP_User_Query::query', sprintf( /* translators: %s: plugins_loaded */ __( 'User queries should not be run before the %s hook.' ), '<code>plugins_loaded</code>' ), '6.1.1' ); } $qv =& $this->query_vars; // Do not cache results if more than 3 fields are requested. if ( is_array( $qv['fields'] ) && count( $qv['fields'] ) > 3 ) { $qv['cache_results'] = false; } /** * Filters the users array before the query takes place. * * Return a non-null value to bypass WordPress' default user queries. * * Filtering functions that require pagination information are encouraged to set * the `total_users` property of the WP_User_Query object, passed to the filter * by reference. If WP_User_Query does not perform a database query, it will not * have enough information to generate these values itself. * * @since 5.1.0 * * @param array|null $results Return an array of user data to short-circuit WP's user query * or null to allow WP to run its normal queries. * @param WP_User_Query $query The WP_User_Query instance (passed by reference). */ $this->results = apply_filters_ref_array( 'users_pre_query', array( null, &$this ) ); if ( null === $this->results ) { // Beginning of the string is on a new line to prevent leading whitespace. See https://core.trac.wordpress.org/ticket/56841. $this->request = "SELECT {$this->query_fields} {$this->query_from} {$this->query_where} {$this->query_orderby} {$this->query_limit}"; $cache_value = false; $cache_key = $this->generate_cache_key( $qv, $this->request ); $cache_group = 'user-queries'; $last_changed = $this->get_cache_last_changed( $qv ); if ( $qv['cache_results'] ) { $cache_value = wp_cache_get_salted( $cache_key, $cache_group, $last_changed ); } if ( false !== $cache_value ) { $this->results = $cache_value['user_data']; $this->total_users = $cache_value['total_users']; } else { if ( is_array( $qv['fields'] ) ) { $this->results = $wpdb->get_results( $this->request ); } else { $this->results = $wpdb->get_col( $this->request ); } if ( isset( $qv['count_total'] ) && $qv['count_total'] ) { /** * Filters SELECT FOUND_ROWS() query for the current WP_User_Query instance. * * @since 3.2.0 * @since 5.1.0 Added the `$this` parameter. * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $sql The SELECT FOUND_ROWS() query for the current WP_User_Query. * @param WP_User_Query $query The current WP_User_Query instance. */ $found_users_query = apply_filters( 'found_users_query', 'SELECT FOUND_ROWS()', $this ); $this->total_users = (int) $wpdb->get_var( $found_users_query ); } if ( $qv['cache_results'] ) { $cache_value = array( 'user_data' => $this->results, 'total_users' => $this->total_users, ); wp_cache_set_salted( $cache_key, $cache_value, $cache_group, $last_changed ); } } } if ( ! $this->results ) { return; } if ( is_array( $qv['fields'] ) && isset( $this->results[0]->ID ) ) { foreach ( $this->results as $result ) { $result->id = $result->ID; } } elseif ( 'all_with_meta' === $qv['fields'] || 'all' === $qv['fields'] ) { if ( function_exists( 'cache_users' ) ) { cache_users( $this->results ); } $r = array(); foreach ( $this->results as $userid ) { if ( 'all_with_meta' === $qv['fields'] ) { $r[ $userid ] = new WP_User( $userid, '', $qv['blog_id'] ); } else { $r[] = new WP_User( $userid, '', $qv['blog_id'] ); } } $this->results = $r; } } /** * Retrieves query variable. * * @since 3.5.0 * * @param string $query_var Query variable key. * @return mixed */ public function get( $query_var ) { if ( isset( $this->query_vars[ $query_var ] ) ) { return $this->query_vars[ $query_var ]; } return null; } /** * Sets query variable. * * @since 3.5.0 * * @param string $query_var Query variable key. * @param mixed $value Query variable value. */ public function set( $query_var, $value ) { $this->query_vars[ $query_var ] = $value; } /** * Used internally to generate an SQL string for searching across multiple columns. * * @since 3.1.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $search Search string. * @param string[] $columns Array of columns to search. * @param bool $wild Whether to allow wildcard searches. Default is false for Network Admin, true for single site. * Single site allows leading and trailing wildcards, Network Admin only trailing. * @return string */ protected function get_search_sql( $search, $columns, $wild = false ) { global $wpdb; $searches = array(); $leading_wild = ( 'leading' === $wild || 'both' === $wild ) ? '%' : ''; $trailing_wild = ( 'trailing' === $wild || 'both' === $wild ) ? '%' : ''; $like = $leading_wild . $wpdb->esc_like( $search ) . $trailing_wild; foreach ( $columns as $column ) { if ( 'ID' === $column ) { $searches[] = $wpdb->prepare( "$column = %s", $search ); } else { $searches[] = $wpdb->prepare( "$column LIKE %s", $like ); } } return ' AND (' . implode( ' OR ', $searches ) . ')'; } /** * Returns the list of users. * * @since 3.1.0 * * @return array Array of results. */ public function get_results() { return $this->results; } /** * Returns the total number of users for the current query. * * @since 3.1.0 * * @return int Number of total users. */ public function get_total() { return $this->total_users; } /** * Parses and sanitizes 'orderby' keys passed to the user query. * * @since 4.2.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $orderby Alias for the field to order by. * @return string Value to used in the ORDER clause, if `$orderby` is valid. */ protected function parse_orderby( $orderby ) { global $wpdb; $meta_query_clauses = $this->meta_query->get_clauses(); $_orderby = ''; if ( in_array( $orderby, array( 'login', 'nicename', 'email', 'url', 'registered' ), true ) ) { $_orderby = 'user_' . $orderby; } elseif ( in_array( $orderby, array( 'user_login', 'user_nicename', 'user_email', 'user_url', 'user_registered' ), true ) ) { $_orderby = $orderby; } elseif ( 'name' === $orderby || 'display_name' === $orderby ) { $_orderby = 'display_name'; } elseif ( 'post_count' === $orderby ) { // @todo Avoid the JOIN. $where = get_posts_by_author_sql( 'post' ); $this->query_from .= " LEFT OUTER JOIN ( SELECT post_author, COUNT(*) as post_count FROM $wpdb->posts $where GROUP BY post_author ) p ON ({$wpdb->users}.ID = p.post_author)"; $_orderby = 'post_count'; } elseif ( 'ID' === $orderby || 'id' === $orderby ) { $_orderby = 'ID'; } elseif ( 'meta_value' === $orderby || $this->get( 'meta_key' ) === $orderby ) { $_orderby = "$wpdb->usermeta.meta_value"; } elseif ( 'meta_value_num' === $orderby ) { $_orderby = "$wpdb->usermeta.meta_value+0"; } elseif ( 'include' === $orderby && ! empty( $this->query_vars['include'] ) ) { $include = wp_parse_id_list( $this->query_vars['include'] ); $include_sql = implode( ',', $include ); $_orderby = "FIELD( $wpdb->users.ID, $include_sql )"; } elseif ( 'nicename__in' === $orderby ) { $sanitized_nicename__in = array_map( 'esc_sql', $this->query_vars['nicename__in'] ); $nicename__in = implode( "','", $sanitized_nicename__in ); $_orderby = "FIELD( user_nicename, '$nicename__in' )"; } elseif ( 'login__in' === $orderby ) { $sanitized_login__in = array_map( 'esc_sql', $this->query_vars['login__in'] ); $login__in = implode( "','", $sanitized_login__in ); $_orderby = "FIELD( user_login, '$login__in' )"; } elseif ( isset( $meta_query_clauses[ $orderby ] ) ) { $meta_clause = $meta_query_clauses[ $orderby ]; $_orderby = sprintf( 'CAST(%s.meta_value AS %s)', esc_sql( $meta_clause['alias'] ), esc_sql( $meta_clause['cast'] ) ); } return $_orderby; } /** * Generate cache key. * * @since 6.3.0 * @since 6.9.0 The `$args` parameter was deprecated and renamed to `$deprecated`. * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $deprecated Unused. * @param string $sql SQL statement. * @return string Cache key. */ protected function generate_cache_key( array $deprecated, $sql ) { global $wpdb; // Replace wpdb placeholder in the SQL statement used by the cache key. $sql = $wpdb->remove_placeholder_escape( $sql ); $key = md5( $sql ); return "get_users:$key"; } /** * Retrieves the last changed cache timestamp for users and optionally posts. * * @since 6.9.0 * * @param array $args Query arguments. * @return string[] The last changed timestamp string for the relevant cache groups. */ protected function get_cache_last_changed( array $args ) { $last_changed = (array) wp_cache_get_last_changed( 'users' ); if ( empty( $args['orderby'] ) ) { // Default order is by 'user_login'. $ordersby = array( 'user_login' => '' ); } elseif ( is_array( $args['orderby'] ) ) { $ordersby = $args['orderby']; } else { // 'orderby' values may be a comma- or space-separated list. $ordersby = preg_split( '/[,\s]+/', $args['orderby'] ); } $blog_id = 0; if ( isset( $args['blog_id'] ) ) { $blog_id = absint( $args['blog_id'] ); } if ( $args['has_published_posts'] || in_array( 'post_count', $ordersby, true ) ) { $switch = $blog_id && get_current_blog_id() !== $blog_id; if ( $switch ) { switch_to_blog( $blog_id ); } $last_changed[] = wp_cache_get_last_changed( 'posts' ); if ( $switch ) { restore_current_blog(); } } return $last_changed; } /** * Parses an 'order' query variable and casts it to ASC or DESC as necessary. * * @since 4.2.0 * * @param string $order The 'order' query variable. * @return string The sanitized 'order' query variable. */ protected function parse_order( $order ) { if ( ! is_string( $order ) || empty( $order ) ) { return 'DESC'; } if ( 'ASC' === strtoupper( $order ) ) { return 'ASC'; } else { return 'DESC'; } } /** * Makes private properties readable for backward compatibility. * * @since 4.0.0 * @since 6.4.0 Getting a dynamic property is deprecated. * * @param string $name Property to get. * @return mixed Property. */ public function __get( $name ) { if ( in_array( $name, $this->compat_fields, true ) ) { return $this->$name; } wp_trigger_error( __METHOD__, "The property `{$name}` is not declared. Getting a dynamic property is " . 'deprecated since version 6.4.0! Instead, declare the property on the class.', E_USER_DEPRECATED ); return null; } /** * Makes private properties settable for backward compatibility. * * @since 4.0.0 * @since 6.4.0 Setting a dynamic property is deprecated. * * @param string $name Property to check if set. * @param mixed $value Property value. */ public function __set( $name, $value ) { if ( in_array( $name, $this->compat_fields, true ) ) { $this->$name = $value; return; } wp_trigger_error( __METHOD__, "The property `{$name}` is not declared. Setting a dynamic property is " . 'deprecated since version 6.4.0! Instead, declare the property on the class.', E_USER_DEPRECATED ); } /** * Makes private properties checkable for backward compatibility. * * @since 4.0.0 * @since 6.4.0 Checking a dynamic property is deprecated. * * @param string $name Property to check if set. * @return bool Whether the property is set. */ public function __isset( $name ) { if ( in_array( $name, $this->compat_fields, true ) ) { return isset( $this->$name ); } wp_trigger_error( __METHOD__, "The property `{$name}` is not declared. Checking `isset()` on a dynamic property " . 'is deprecated since version 6.4.0! Instead, declare the property on the class.', E_USER_DEPRECATED ); return false; } /** * Makes private properties un-settable for backward compatibility. * * @since 4.0.0 * @since 6.4.0 Unsetting a dynamic property is deprecated. * * @param string $name Property to unset. */ public function __unset( $name ) { if ( in_array( $name, $this->compat_fields, true ) ) { unset( $this->$name ); return; } wp_trigger_error( __METHOD__, "A property `{$name}` is not declared. Unsetting a dynamic property is " . 'deprecated since version 6.4.0! Instead, declare the property on the class.', E_USER_DEPRECATED ); } /** * Makes private/protected methods readable for backward compatibility. * * @since 4.0.0 * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return mixed Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( 'get_search_sql' === $name ) { return $this->get_search_sql( ...$arguments ); } return false; } } https-detection-20260622202808.php 0000666 00000013341 15224716631 0011775 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260621234627.php 0000666 00000013341 15224716631 0012000 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605224758.php 0000666 00000011205 15224716631 0012016 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605165155.php 0000666 00000011205 15224716631 0012011 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260606132425.php 0000666 00000013341 15224716631 0011774 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-http-streams.php 0000666 00000040733 15224716631 0011461 0 ustar 00 <?php /** * HTTP API: WP_Http_Streams class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to integrate PHP Streams as an HTTP transport. * * @since 2.7.0 * @since 3.7.0 Combined with the fsockopen transport and switched to `stream_socket_client()`. * @deprecated 6.4.0 Use WP_Http * @see WP_Http */ #[AllowDynamicProperties] class WP_Http_Streams { /** * Send a HTTP request to a URI using PHP Streams. * * @see WP_Http::request() For default options descriptions. * * @since 2.7.0 * @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client(). * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. A WP_Error instance upon error */ public function request( $url, $args = array() ) { $defaults = array( 'method' => 'GET', 'timeout' => 5, 'redirection' => 5, 'httpversion' => '1.0', 'blocking' => true, 'headers' => array(), 'body' => null, 'cookies' => array(), 'decompress' => false, 'stream' => false, 'filename' => null, ); $parsed_args = wp_parse_args( $args, $defaults ); if ( isset( $parsed_args['headers']['User-Agent'] ) ) { $parsed_args['user-agent'] = $parsed_args['headers']['User-Agent']; unset( $parsed_args['headers']['User-Agent'] ); } elseif ( isset( $parsed_args['headers']['user-agent'] ) ) { $parsed_args['user-agent'] = $parsed_args['headers']['user-agent']; unset( $parsed_args['headers']['user-agent'] ); } // Construct Cookie: header if any cookies are set. WP_Http::buildCookieHeader( $parsed_args ); $parsed_url = parse_url( $url ); $connect_host = $parsed_url['host']; $secure_transport = ( 'ssl' === $parsed_url['scheme'] || 'https' === $parsed_url['scheme'] ); if ( ! isset( $parsed_url['port'] ) ) { if ( 'ssl' === $parsed_url['scheme'] || 'https' === $parsed_url['scheme'] ) { $parsed_url['port'] = 443; $secure_transport = true; } else { $parsed_url['port'] = 80; } } // Always pass a path, defaulting to the root in cases such as http://example.com. if ( ! isset( $parsed_url['path'] ) ) { $parsed_url['path'] = '/'; } if ( isset( $parsed_args['headers']['Host'] ) || isset( $parsed_args['headers']['host'] ) ) { if ( isset( $parsed_args['headers']['Host'] ) ) { $parsed_url['host'] = $parsed_args['headers']['Host']; } else { $parsed_url['host'] = $parsed_args['headers']['host']; } unset( $parsed_args['headers']['Host'], $parsed_args['headers']['host'] ); } /* * Certain versions of PHP have issues with 'localhost' and IPv6, It attempts to connect * to ::1, which fails when the server is not set up for it. For compatibility, always * connect to the IPv4 address. */ if ( 'localhost' === strtolower( $connect_host ) ) { $connect_host = '127.0.0.1'; } $connect_host = $secure_transport ? 'ssl://' . $connect_host : 'tcp://' . $connect_host; $is_local = isset( $parsed_args['local'] ) && $parsed_args['local']; $ssl_verify = isset( $parsed_args['sslverify'] ) && $parsed_args['sslverify']; if ( $is_local ) { /** * Filters whether SSL should be verified for local HTTP API requests. * * @since 2.8.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool|string $ssl_verify Boolean to control whether to verify the SSL connection * or path to an SSL certificate. * @param string $url The request URL. */ $ssl_verify = apply_filters( 'https_local_ssl_verify', $ssl_verify, $url ); } elseif ( ! $is_local ) { /** This filter is documented in wp-includes/class-wp-http.php */ $ssl_verify = apply_filters( 'https_ssl_verify', $ssl_verify, $url ); } $proxy = new WP_HTTP_Proxy(); $context = stream_context_create( array( 'ssl' => array( 'verify_peer' => $ssl_verify, // 'CN_match' => $parsed_url['host'], // This is handled by self::verify_ssl_certificate(). 'capture_peer_cert' => $ssl_verify, 'SNI_enabled' => true, 'cafile' => $parsed_args['sslcertificates'], 'allow_self_signed' => ! $ssl_verify, ), ) ); $timeout = (int) floor( $parsed_args['timeout'] ); $utimeout = 0; if ( $timeout !== (int) $parsed_args['timeout'] ) { $utimeout = 1000000 * $parsed_args['timeout'] % 1000000; } $connect_timeout = max( $timeout, 1 ); // Store error number. $connection_error = null; // Store error string. $connection_error_str = null; if ( ! WP_DEBUG ) { // In the event that the SSL connection fails, silence the many PHP warnings. if ( $secure_transport ) { $error_reporting = error_reporting( 0 ); } if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged $handle = @stream_socket_client( 'tcp://' . $proxy->host() . ':' . $proxy->port(), $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } else { // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged $handle = @stream_socket_client( $connect_host . ':' . $parsed_url['port'], $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } if ( $secure_transport ) { error_reporting( $error_reporting ); } } else { if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $handle = stream_socket_client( 'tcp://' . $proxy->host() . ':' . $proxy->port(), $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } else { $handle = stream_socket_client( $connect_host . ':' . $parsed_url['port'], $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } } if ( false === $handle ) { // SSL connection failed due to expired/invalid cert, or, OpenSSL configuration is broken. if ( $secure_transport && 0 === $connection_error && '' === $connection_error_str ) { return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) ); } return new WP_Error( 'http_request_failed', $connection_error . ': ' . $connection_error_str ); } // Verify that the SSL certificate is valid for this request. if ( $secure_transport && $ssl_verify && ! $proxy->is_enabled() ) { if ( ! self::verify_ssl_certificate( $handle, $parsed_url['host'] ) ) { return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) ); } } stream_set_timeout( $handle, $timeout, $utimeout ); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { // Some proxies require full URL in this field. $request_path = $url; } else { $request_path = $parsed_url['path'] . ( isset( $parsed_url['query'] ) ? '?' . $parsed_url['query'] : '' ); } $headers = strtoupper( $parsed_args['method'] ) . ' ' . $request_path . ' HTTP/' . $parsed_args['httpversion'] . "\r\n"; $include_port_in_host_header = ( ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) || ( 'http' === $parsed_url['scheme'] && 80 !== $parsed_url['port'] ) || ( 'https' === $parsed_url['scheme'] && 443 !== $parsed_url['port'] ) ); if ( $include_port_in_host_header ) { $headers .= 'Host: ' . $parsed_url['host'] . ':' . $parsed_url['port'] . "\r\n"; } else { $headers .= 'Host: ' . $parsed_url['host'] . "\r\n"; } if ( isset( $parsed_args['user-agent'] ) ) { $headers .= 'User-agent: ' . $parsed_args['user-agent'] . "\r\n"; } if ( is_array( $parsed_args['headers'] ) ) { foreach ( (array) $parsed_args['headers'] as $header => $header_value ) { $headers .= $header . ': ' . $header_value . "\r\n"; } } else { $headers .= $parsed_args['headers']; } if ( $proxy->use_authentication() ) { $headers .= $proxy->authentication_header() . "\r\n"; } $headers .= "\r\n"; if ( ! is_null( $parsed_args['body'] ) ) { $headers .= $parsed_args['body']; } fwrite( $handle, $headers ); if ( ! $parsed_args['blocking'] ) { stream_set_blocking( $handle, 0 ); fclose( $handle ); return array( 'headers' => array(), 'body' => '', 'response' => array( 'code' => false, 'message' => false, ), 'cookies' => array(), ); } $response = ''; $body_started = false; $keep_reading = true; $block_size = 4096; if ( isset( $parsed_args['limit_response_size'] ) ) { $block_size = min( $block_size, $parsed_args['limit_response_size'] ); } // If streaming to a file setup the file handle. if ( $parsed_args['stream'] ) { if ( ! WP_DEBUG ) { $stream_handle = @fopen( $parsed_args['filename'], 'w+' ); } else { $stream_handle = fopen( $parsed_args['filename'], 'w+' ); } if ( ! $stream_handle ) { return new WP_Error( 'http_request_failed', sprintf( /* translators: 1: fopen(), 2: File name. */ __( 'Could not open handle for %1$s to %2$s.' ), 'fopen()', $parsed_args['filename'] ) ); } $bytes_written = 0; while ( ! feof( $handle ) && $keep_reading ) { $block = fread( $handle, $block_size ); if ( ! $body_started ) { $response .= $block; if ( strpos( $response, "\r\n\r\n" ) ) { $processed_response = WP_Http::processResponse( $response ); $body_started = true; $block = $processed_response['body']; unset( $response ); $processed_response['body'] = ''; } } $this_block_size = strlen( $block ); if ( isset( $parsed_args['limit_response_size'] ) && ( $bytes_written + $this_block_size ) > $parsed_args['limit_response_size'] ) { $this_block_size = ( $parsed_args['limit_response_size'] - $bytes_written ); $block = substr( $block, 0, $this_block_size ); } $bytes_written_to_file = fwrite( $stream_handle, $block ); if ( $bytes_written_to_file !== $this_block_size ) { fclose( $handle ); fclose( $stream_handle ); return new WP_Error( 'http_request_failed', __( 'Failed to write request to temporary file.' ) ); } $bytes_written += $bytes_written_to_file; $keep_reading = ( ! isset( $parsed_args['limit_response_size'] ) || $bytes_written < $parsed_args['limit_response_size'] ); } fclose( $stream_handle ); } else { $header_length = 0; while ( ! feof( $handle ) && $keep_reading ) { $block = fread( $handle, $block_size ); $response .= $block; if ( ! $body_started && strpos( $response, "\r\n\r\n" ) ) { $header_length = strpos( $response, "\r\n\r\n" ) + 4; $body_started = true; } $keep_reading = ( ! $body_started || ! isset( $parsed_args['limit_response_size'] ) || strlen( $response ) < ( $header_length + $parsed_args['limit_response_size'] ) ); } $processed_response = WP_Http::processResponse( $response ); unset( $response ); } fclose( $handle ); $processed_headers = WP_Http::processHeaders( $processed_response['headers'], $url ); $response = array( 'headers' => $processed_headers['headers'], // Not yet processed. 'body' => null, 'response' => $processed_headers['response'], 'cookies' => $processed_headers['cookies'], 'filename' => $parsed_args['filename'], ); // Handle redirects. $redirect_response = WP_Http::handle_redirects( $url, $parsed_args, $response ); if ( false !== $redirect_response ) { return $redirect_response; } // If the body was chunk encoded, then decode it. if ( ! empty( $processed_response['body'] ) && isset( $processed_headers['headers']['transfer-encoding'] ) && 'chunked' === $processed_headers['headers']['transfer-encoding'] ) { $processed_response['body'] = WP_Http::chunkTransferDecode( $processed_response['body'] ); } if ( true === $parsed_args['decompress'] && true === WP_Http_Encoding::should_decode( $processed_headers['headers'] ) ) { $processed_response['body'] = WP_Http_Encoding::decompress( $processed_response['body'] ); } if ( isset( $parsed_args['limit_response_size'] ) && strlen( $processed_response['body'] ) > $parsed_args['limit_response_size'] ) { $processed_response['body'] = substr( $processed_response['body'], 0, $parsed_args['limit_response_size'] ); } $response['body'] = $processed_response['body']; return $response; } /** * Verifies the received SSL certificate against its Common Names and subjectAltName fields. * * PHP's SSL verifications only verify that it's a valid Certificate, it doesn't verify if * the certificate is valid for the hostname which was requested. * This function verifies the requested hostname against certificate's subjectAltName field, * if that is empty, or contains no DNS entries, a fallback to the Common Name field is used. * * IP Address support is included if the request is being made to an IP address. * * @since 3.7.0 * * @param resource $stream The PHP Stream which the SSL request is being made over * @param string $host The hostname being requested * @return bool If the certificate presented in $stream is valid for $host */ public static function verify_ssl_certificate( $stream, $host ) { $context_options = stream_context_get_options( $stream ); if ( empty( $context_options['ssl']['peer_certificate'] ) ) { return false; } $cert = openssl_x509_parse( $context_options['ssl']['peer_certificate'] ); if ( ! $cert ) { return false; } /* * If the request is being made to an IP address, we'll validate against IP fields * in the cert (if they exist) */ $host_type = ( WP_Http::is_ip_address( $host ) ? 'ip' : 'dns' ); $certificate_hostnames = array(); if ( ! empty( $cert['extensions']['subjectAltName'] ) ) { $match_against = preg_split( '/,\s*/', $cert['extensions']['subjectAltName'] ); foreach ( $match_against as $match ) { list( $match_type, $match_host ) = explode( ':', $match ); if ( strtolower( trim( $match_type ) ) === $host_type ) { // IP: or DNS: $certificate_hostnames[] = strtolower( trim( $match_host ) ); } } } elseif ( ! empty( $cert['subject']['CN'] ) ) { // Only use the CN when the certificate includes no subjectAltName extension. $certificate_hostnames[] = strtolower( $cert['subject']['CN'] ); } // Exact hostname/IP matches. if ( in_array( strtolower( $host ), $certificate_hostnames, true ) ) { return true; } // IP's can't be wildcards, Stop processing. if ( 'ip' === $host_type ) { return false; } // Test to see if the domain is at least 2 deep for wildcard support. if ( substr_count( $host, '.' ) < 2 ) { return false; } // Wildcard subdomains certs (*.example.com) are valid for a.example.com but not a.b.example.com. $wildcard_host = preg_replace( '/^[^.]+\./', '*.', $host ); return in_array( strtolower( $wildcard_host ), $certificate_hostnames, true ); } /** * Determines whether this class can be used for retrieving a URL. * * @since 2.7.0 * @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client(). * * @param array $args Optional. Array of request arguments. Default empty array. * @return bool False means this class can not be used, true means it can. */ public static function test( $args = array() ) { if ( ! function_exists( 'stream_socket_client' ) ) { return false; } $is_ssl = isset( $args['ssl'] ) && $args['ssl']; if ( $is_ssl ) { if ( ! extension_loaded( 'openssl' ) ) { return false; } if ( ! function_exists( 'openssl_x509_parse' ) ) { return false; } } /** * Filters whether streams can be used as a transport for retrieving a URL. * * @since 2.7.0 * * @param bool $use_class Whether the class can be used. Default true. * @param array $args Request arguments. */ return apply_filters( 'use_streams_transport', true, $args ); } } /** * Deprecated HTTP Transport method which used fsockopen. * * This class is not used, and is included for backward compatibility only. * All code should make use of WP_Http directly through its API. * * @see WP_HTTP::request * * @since 2.7.0 * @deprecated 3.7.0 Please use WP_HTTP::request() directly */ class WP_HTTP_Fsockopen extends WP_Http_Streams { // For backward compatibility for users who are using the class directly. } https-detection-20260605070331.php 0000666 00000013341 15224716631 0011770 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } comment-template.php 0000666 00000311351 15224716631 0010547 0 ustar 00 <?php /** * Comment template functions * * These functions are meant to live inside of the WordPress loop. * * @package WordPress * @subpackage Template */ /** * Retrieves the author of the current comment. * * If the comment has an empty comment_author field, then 'Anonymous' person is * assumed. * * @since 1.5.0 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to retrieve the author. * Default current comment. * @return string The comment author */ function get_comment_author( $comment_id = 0 ) { $comment = get_comment( $comment_id ); if ( ! empty( $comment->comment_ID ) ) { $comment_id = $comment->comment_ID; } elseif ( is_scalar( $comment_id ) ) { $comment_id = (string) $comment_id; } else { $comment_id = '0'; } if ( empty( $comment->comment_author ) ) { $user = ! empty( $comment->user_id ) ? get_userdata( $comment->user_id ) : false; if ( $user ) { $comment_author = $user->display_name; } else { $comment_author = __( 'Anonymous' ); } } else { $comment_author = $comment->comment_author; } /** * Filters the returned comment author name. * * @since 1.5.0 * @since 4.1.0 The `$comment_id` and `$comment` parameters were added. * * @param string $comment_author The comment author's username. * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment object. */ return apply_filters( 'get_comment_author', $comment_author, $comment_id, $comment ); } /** * Displays the author of the current comment. * * @since 0.71 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to print the author. * Default current comment. */ function comment_author( $comment_id = 0 ) { $comment = get_comment( $comment_id ); $comment_author = get_comment_author( $comment ); /** * Filters the comment author's name for display. * * @since 1.2.0 * @since 4.1.0 The `$comment_id` parameter was added. * * @param string $comment_author The comment author's username. * @param string $comment_id The comment ID as a numeric string. */ echo apply_filters( 'comment_author', $comment_author, $comment->comment_ID ); } /** * Retrieves the email of the author of the current comment. * * @since 1.5.0 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to get the author's email. * Default current comment. * @return string The current comment author's email */ function get_comment_author_email( $comment_id = 0 ) { $comment = get_comment( $comment_id ); /** * Filters the comment author's returned email address. * * @since 1.5.0 * @since 4.1.0 The `$comment_id` and `$comment` parameters were added. * * @param string $comment_author_email The comment author's email address. * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment object. */ return apply_filters( 'get_comment_author_email', $comment->comment_author_email, $comment->comment_ID, $comment ); } /** * Displays the email of the author of the current global $comment. * * Care should be taken to protect the email address and assure that email * harvesters do not capture your commenter's email address. Most assume that * their email address will not appear in raw form on the site. Doing so will * enable anyone, including those that people don't want to get the email * address and use it for their own means good and bad. * * @since 0.71 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to print the author's email. * Default current comment. */ function comment_author_email( $comment_id = 0 ) { $comment = get_comment( $comment_id ); $comment_author_email = get_comment_author_email( $comment ); /** * Filters the comment author's email for display. * * @since 1.2.0 * @since 4.1.0 The `$comment_id` parameter was added. * * @param string $comment_author_email The comment author's email address. * @param string $comment_id The comment ID as a numeric string. */ echo apply_filters( 'author_email', $comment_author_email, $comment->comment_ID ); } /** * Displays the HTML email link to the author of the current comment. * * Care should be taken to protect the email address and assure that email * harvesters do not capture your commenter's email address. Most assume that * their email address will not appear in raw form on the site. Doing so will * enable anyone, including those that people don't want to get the email * address and use it for their own means good and bad. * * @since 0.71 * @since 4.6.0 Added the `$comment` parameter. * * @param string $link_text Optional. Text to display instead of the comment author's email address. * Default empty. * @param string $before Optional. Text or HTML to display before the email link. Default empty. * @param string $after Optional. Text or HTML to display after the email link. Default empty. * @param int|WP_Comment $comment Optional. Comment ID or WP_Comment object. Default is the current comment. */ function comment_author_email_link( $link_text = '', $before = '', $after = '', $comment = null ) { $link = get_comment_author_email_link( $link_text, $before, $after, $comment ); if ( $link ) { echo $link; } } /** * Returns the HTML email link to the author of the current comment. * * Care should be taken to protect the email address and assure that email * harvesters do not capture your commenter's email address. Most assume that * their email address will not appear in raw form on the site. Doing so will * enable anyone, including those that people don't want to get the email * address and use it for their own means good and bad. * * @since 2.7.0 * @since 4.6.0 Added the `$comment` parameter. * * @param string $link_text Optional. Text to display instead of the comment author's email address. * Default empty. * @param string $before Optional. Text or HTML to display before the email link. Default empty. * @param string $after Optional. Text or HTML to display after the email link. Default empty. * @param int|WP_Comment $comment Optional. Comment ID or WP_Comment object. Default is the current comment. * @return string HTML markup for the comment author email link. By default, the email address is obfuscated * via the {@see 'comment_email'} filter with antispambot(). */ function get_comment_author_email_link( $link_text = '', $before = '', $after = '', $comment = null ) { $comment = get_comment( $comment ); /** * Filters the comment author's email for display. * * Care should be taken to protect the email address and assure that email * harvesters do not capture your commenter's email address. * * @since 1.2.0 * @since 4.1.0 The `$comment` parameter was added. * * @param string $comment_author_email The comment author's email address. * @param WP_Comment $comment The comment object. */ $comment_author_email = apply_filters( 'comment_email', $comment->comment_author_email, $comment ); if ( ( ! empty( $comment_author_email ) ) && ( '@' !== $comment_author_email ) ) { $display = ( '' !== $link_text ) ? $link_text : $comment_author_email; $comment_author_email_link = $before . sprintf( '<a href="%1$s">%2$s</a>', esc_url( 'mailto:' . $comment_author_email ), esc_html( $display ) ) . $after; return $comment_author_email_link; } else { return ''; } } /** * Retrieves the HTML link to the URL of the author of the current comment. * * Both get_comment_author_url() and get_comment_author() rely on get_comment(), * which falls back to the global comment variable if the $comment_id argument is empty. * * @since 1.5.0 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to get the author's link. * Default current comment. * @return string The comment author name or HTML link for author's URL. */ function get_comment_author_link( $comment_id = 0 ) { $comment = get_comment( $comment_id ); if ( ! empty( $comment->comment_ID ) ) { $comment_id = $comment->comment_ID; } elseif ( is_scalar( $comment_id ) ) { $comment_id = (string) $comment_id; } else { $comment_id = '0'; } $comment_author_url = get_comment_author_url( $comment ); $comment_author = get_comment_author( $comment ); if ( empty( $comment_author_url ) || 'http://' === $comment_author_url ) { $comment_author_link = $comment_author; } else { $rel_parts = array( 'ugc' ); if ( ! wp_is_internal_link( $comment_author_url ) ) { $rel_parts = array_merge( $rel_parts, array( 'external', 'nofollow' ) ); } /** * Filters the rel attributes of the comment author's link. * * @since 6.2.0 * * @param string[] $rel_parts An array of strings representing the rel tags * which will be joined into the anchor's rel attribute. * @param WP_Comment $comment The comment object. */ $rel_parts = apply_filters( 'comment_author_link_rel', $rel_parts, $comment ); $rel = implode( ' ', $rel_parts ); $rel = esc_attr( $rel ); // Empty space before 'rel' is necessary for later sprintf(). $rel = ! empty( $rel ) ? sprintf( ' rel="%s"', $rel ) : ''; $comment_author_link = sprintf( '<a href="%1$s" class="url"%2$s>%3$s</a>', $comment_author_url, $rel, $comment_author ); } /** * Filters the comment author's link for display. * * @since 1.5.0 * @since 4.1.0 The `$comment_author` and `$comment_id` parameters were added. * * @param string $comment_author_link The HTML-formatted comment author link. * Empty for an invalid URL. * @param string $comment_author The comment author's username. * @param string $comment_id The comment ID as a numeric string. */ return apply_filters( 'get_comment_author_link', $comment_author_link, $comment_author, $comment_id ); } /** * Displays the HTML link to the URL of the author of the current comment. * * @since 0.71 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to print the author's link. * Default current comment. */ function comment_author_link( $comment_id = 0 ) { echo get_comment_author_link( $comment_id ); } /** * Retrieves the IP address of the author of the current comment. * * @since 1.5.0 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to get the author's IP address. * Default current comment. * @return string Comment author's IP address, or an empty string if it's not available. */ function get_comment_author_IP( $comment_id = 0 ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid $comment = get_comment( $comment_id ); /** * Filters the comment author's returned IP address. * * @since 1.5.0 * @since 4.1.0 The `$comment_id` and `$comment` parameters were added. * * @param string $comment_author_ip The comment author's IP address, or an empty string if it's not available. * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment object. */ return apply_filters( 'get_comment_author_IP', $comment->comment_author_IP, $comment->comment_ID, $comment ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase } /** * Displays the IP address of the author of the current comment. * * @since 0.71 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to print the author's IP address. * Default current comment. */ function comment_author_IP( $comment_id = 0 ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid echo esc_html( get_comment_author_IP( $comment_id ) ); } /** * Retrieves the URL of the author of the current comment, not linked. * * @since 1.5.0 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to get the author's URL. * Default current comment. * @return string Comment author URL, if provided, an empty string otherwise. */ function get_comment_author_url( $comment_id = 0 ) { $comment = get_comment( $comment_id ); $comment_author_url = ''; $comment_id = 0; if ( ! empty( $comment ) ) { $comment_author_url = ( 'http://' === $comment->comment_author_url ) ? '' : $comment->comment_author_url; $comment_author_url = esc_url( $comment_author_url, array( 'http', 'https' ) ); $comment_id = $comment->comment_ID; } /** * Filters the comment author's URL. * * @since 1.5.0 * @since 4.1.0 The `$comment_id` and `$comment` parameters were added. * * @param string $comment_author_url The comment author's URL, or an empty string. * @param string|int $comment_id The comment ID as a numeric string, or 0 if not found. * @param WP_Comment|null $comment The comment object, or null if not found. */ return apply_filters( 'get_comment_author_url', $comment_author_url, $comment_id, $comment ); } /** * Displays the URL of the author of the current comment, not linked. * * @since 0.71 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to print the author's URL. * Default current comment. */ function comment_author_url( $comment_id = 0 ) { $comment = get_comment( $comment_id ); $comment_author_url = get_comment_author_url( $comment ); /** * Filters the comment author's URL for display. * * @since 1.2.0 * @since 4.1.0 The `$comment_id` parameter was added. * * @param string $comment_author_url The comment author's URL. * @param string $comment_id The comment ID as a numeric string. */ echo apply_filters( 'comment_url', $comment_author_url, $comment->comment_ID ); } /** * Retrieves the HTML link of the URL of the author of the current comment. * * $link_text parameter is only used if the URL does not exist for the comment * author. If the URL does exist then the URL will be used and the $link_text * will be ignored. * * Encapsulate the HTML link between the $before and $after. So it will appear * in the order of $before, link, and finally $after. * * @since 1.5.0 * @since 4.6.0 Added the `$comment` parameter. * * @param string $link_text Optional. The text to display instead of the comment * author's email address. Default empty. * @param string $before Optional. The text or HTML to display before the email link. * Default empty. * @param string $after Optional. The text or HTML to display after the email link. * Default empty. * @param int|WP_Comment $comment Optional. Comment ID or WP_Comment object. * Default is the current comment. * @return string The HTML link between the $before and $after parameters. */ function get_comment_author_url_link( $link_text = '', $before = '', $after = '', $comment = 0 ) { $comment_author_url = get_comment_author_url( $comment ); $display = ( '' !== $link_text ) ? $link_text : $comment_author_url; $display = str_replace( 'http://www.', '', $display ); $display = str_replace( 'http://', '', $display ); if ( str_ends_with( $display, '/' ) ) { $display = substr( $display, 0, -1 ); } $comment_author_url_link = $before . sprintf( '<a href="%1$s" rel="external">%2$s</a>', $comment_author_url, $display ) . $after; /** * Filters the comment author's returned URL link. * * @since 1.5.0 * * @param string $comment_author_url_link The HTML-formatted comment author URL link. */ return apply_filters( 'get_comment_author_url_link', $comment_author_url_link ); } /** * Displays the HTML link of the URL of the author of the current comment. * * @since 0.71 * @since 4.6.0 Added the `$comment` parameter. * * @param string $link_text Optional. Text to display instead of the comment author's * email address. Default empty. * @param string $before Optional. Text or HTML to display before the email link. * Default empty. * @param string $after Optional. Text or HTML to display after the email link. * Default empty. * @param int|WP_Comment $comment Optional. Comment ID or WP_Comment object. * Default is the current comment. */ function comment_author_url_link( $link_text = '', $before = '', $after = '', $comment = 0 ) { echo get_comment_author_url_link( $link_text, $before, $after, $comment ); } /** * Generates semantic classes for each comment element. * * @since 2.7.0 * @since 4.4.0 Added the ability for `$comment` to also accept a WP_Comment object. * * @param string|string[] $css_class Optional. One or more classes to add to the class list. * Default empty. * @param int|WP_Comment $comment Optional. Comment ID or WP_Comment object. Default current comment. * @param int|WP_Post $post Optional. Post ID or WP_Post object. Default current post. * @param bool $display Optional. Whether to print or return the output. * Default true. * @return void|string Void if `$display` argument is true, comment classes if `$display` is false. */ function comment_class( $css_class = '', $comment = null, $post = null, $display = true ) { // Separates classes with a single space, collates classes for comment DIV. $css_class = 'class="' . implode( ' ', get_comment_class( $css_class, $comment, $post ) ) . '"'; if ( $display ) { echo $css_class; } else { return $css_class; } } /** * Returns the classes for the comment div as an array. * * @since 2.7.0 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @global int $comment_alt * @global int $comment_depth * @global int $comment_thread_alt * * @param string|string[] $css_class Optional. One or more classes to add to the class list. * Default empty. * @param int|WP_Comment $comment_id Optional. Comment ID or WP_Comment object. Default current comment. * @param int|WP_Post $post Optional. Post ID or WP_Post object. Default current post. * @return string[] An array of classes. */ function get_comment_class( $css_class = '', $comment_id = null, $post = null ) { global $comment_alt, $comment_depth, $comment_thread_alt; $classes = array(); $comment = get_comment( $comment_id ); if ( ! $comment ) { return $classes; } // Get the comment type (comment, trackback). $classes[] = ( empty( $comment->comment_type ) ) ? 'comment' : $comment->comment_type; // Add classes for comment authors that are registered users. $user = $comment->user_id ? get_userdata( $comment->user_id ) : false; if ( $user ) { $classes[] = 'byuser'; $classes[] = 'comment-author-' . sanitize_html_class( $user->user_nicename, $comment->user_id ); // For comment authors who are the author of the post. $_post = get_post( $post ); if ( $_post ) { if ( $comment->user_id === $_post->post_author ) { $classes[] = 'bypostauthor'; } } } if ( empty( $comment_alt ) ) { $comment_alt = 0; } if ( empty( $comment_depth ) ) { $comment_depth = 1; } if ( empty( $comment_thread_alt ) ) { $comment_thread_alt = 0; } if ( $comment_alt % 2 ) { $classes[] = 'odd'; $classes[] = 'alt'; } else { $classes[] = 'even'; } ++$comment_alt; // Alt for top-level comments. if ( 1 === $comment_depth ) { if ( $comment_thread_alt % 2 ) { $classes[] = 'thread-odd'; $classes[] = 'thread-alt'; } else { $classes[] = 'thread-even'; } ++$comment_thread_alt; } $classes[] = "depth-$comment_depth"; if ( ! empty( $css_class ) ) { if ( ! is_array( $css_class ) ) { $css_class = preg_split( '#\s+#', $css_class ); } $classes = array_merge( $classes, $css_class ); } $classes = array_map( 'esc_attr', $classes ); /** * Filters the returned CSS classes for the current comment. * * @since 2.7.0 * * @param string[] $classes An array of comment classes. * @param string[] $css_class An array of additional classes added to the list. * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment object. * @param int|WP_Post $post The post ID or WP_Post object. */ return apply_filters( 'comment_class', $classes, $css_class, $comment->comment_ID, $comment, $post ); } /** * Retrieves the comment date of the current comment. * * @since 1.5.0 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @param string $format Optional. PHP date format. Defaults to the 'date_format' option. * @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to get the date. * Default current comment. * @return string The comment's date. */ function get_comment_date( $format = '', $comment_id = 0 ) { $comment = get_comment( $comment_id ); $_format = ! empty( $format ) ? $format : get_option( 'date_format' ); $comment_date = mysql2date( $_format, $comment->comment_date ); /** * Filters the returned comment date. * * @since 1.5.0 * * @param string|int $comment_date Formatted date string or Unix timestamp. * @param string $format PHP date format. * @param WP_Comment $comment The comment object. */ return apply_filters( 'get_comment_date', $comment_date, $format, $comment ); } /** * Displays the comment date of the current comment. * * @since 0.71 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @param string $format Optional. PHP date format. Defaults to the 'date_format' option. * @param int|WP_Comment $comment_id WP_Comment or ID of the comment for which to print the date. * Default current comment. */ function comment_date( $format = '', $comment_id = 0 ) { echo get_comment_date( $format, $comment_id ); } /** * Retrieves the excerpt of the given comment. * * Returns a maximum of 20 words with an ellipsis appended if necessary. * * @since 1.5.0 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to get the excerpt. * Default current comment. * @return string The possibly truncated comment excerpt. */ function get_comment_excerpt( $comment_id = 0 ) { $comment = get_comment( $comment_id ); if ( ! post_password_required( $comment->comment_post_ID ) ) { $comment_text = strip_tags( str_replace( array( "\n", "\r" ), ' ', $comment->comment_content ) ); } else { $comment_text = __( 'Password protected' ); } /* translators: Maximum number of words used in a comment excerpt. */ $comment_excerpt_length = (int) _x( '20', 'comment_excerpt_length' ); /** * Filters the maximum number of words used in the comment excerpt. * * @since 4.4.0 * * @param int $comment_excerpt_length The amount of words you want to display in the comment excerpt. */ $comment_excerpt_length = apply_filters( 'comment_excerpt_length', $comment_excerpt_length ); $comment_excerpt = wp_trim_words( $comment_text, $comment_excerpt_length, '…' ); /** * Filters the retrieved comment excerpt. * * @since 1.5.0 * @since 4.1.0 The `$comment_id` and `$comment` parameters were added. * * @param string $comment_excerpt The comment excerpt text. * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment object. */ return apply_filters( 'get_comment_excerpt', $comment_excerpt, $comment->comment_ID, $comment ); } /** * Displays the excerpt of the current comment. * * @since 1.2.0 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to print the excerpt. * Default current comment. */ function comment_excerpt( $comment_id = 0 ) { $comment = get_comment( $comment_id ); $comment_excerpt = get_comment_excerpt( $comment ); /** * Filters the comment excerpt for display. * * @since 1.2.0 * @since 4.1.0 The `$comment_id` parameter was added. * * @param string $comment_excerpt The comment excerpt text. * @param string $comment_id The comment ID as a numeric string. */ echo apply_filters( 'comment_excerpt', $comment_excerpt, $comment->comment_ID ); } /** * Retrieves the comment ID of the current comment. * * @since 1.5.0 * * @return string The comment ID as a numeric string. */ function get_comment_ID() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid $comment = get_comment(); $comment_id = ! empty( $comment->comment_ID ) ? $comment->comment_ID : '0'; /** * Filters the returned comment ID. * * @since 1.5.0 * @since 4.1.0 The `$comment` parameter was added. * * @param string $comment_id The current comment ID as a numeric string. * @param WP_Comment $comment The comment object. */ return apply_filters( 'get_comment_ID', $comment_id, $comment ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase } /** * Displays the comment ID of the current comment. * * @since 0.71 */ function comment_ID() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid echo get_comment_ID(); } /** * Retrieves the link to a given comment. * * @since 1.5.0 * @since 4.4.0 Added the ability for `$comment` to also accept a WP_Comment object. Added `$cpage` argument. * * @see get_page_of_comment() * * @global WP_Rewrite $wp_rewrite WordPress rewrite component. * @global bool $in_comment_loop * * @param WP_Comment|int|null $comment Optional. Comment to retrieve. Default current comment. * @param array $args { * An array of optional arguments to override the defaults. * * @type string $type Passed to get_page_of_comment(). * @type int $page Current page of comments, for calculating comment pagination. * @type int $per_page Per-page value for comment pagination. * @type int $max_depth Passed to get_page_of_comment(). * @type int|string $cpage Value to use for the comment's "comment-page" or "cpage" value. * If provided, this value overrides any value calculated from `$page` * and `$per_page`. * } * @return string The permalink to the given comment. */ function get_comment_link( $comment = null, $args = array() ) { global $wp_rewrite, $in_comment_loop; $comment = get_comment( $comment ); // Back-compat. if ( ! is_array( $args ) ) { $args = array( 'page' => $args ); } $defaults = array( 'type' => 'all', 'page' => '', 'per_page' => '', 'max_depth' => '', 'cpage' => null, ); $args = wp_parse_args( $args, $defaults ); $comment_link = get_permalink( $comment->comment_post_ID ); // The 'cpage' param takes precedence. if ( ! is_null( $args['cpage'] ) ) { $cpage = $args['cpage']; // No 'cpage' is provided, so we calculate one. } else { if ( '' === $args['per_page'] && get_option( 'page_comments' ) ) { $args['per_page'] = get_option( 'comments_per_page' ); } if ( empty( $args['per_page'] ) ) { $args['per_page'] = 0; $args['page'] = 0; } $cpage = $args['page']; if ( '' === $cpage ) { if ( ! empty( $in_comment_loop ) ) { $cpage = (int) get_query_var( 'cpage' ); } else { // Requires a database hit, so we only do it when we can't figure out from context. $cpage = get_page_of_comment( $comment->comment_ID, $args ); } } /* * If the default page displays the oldest comments, the permalinks for comments on the default page * do not need a 'cpage' query var. */ if ( 'oldest' === get_option( 'default_comments_page' ) && 1 === $cpage ) { $cpage = ''; } } if ( $cpage && get_option( 'page_comments' ) ) { if ( $wp_rewrite->using_permalinks() ) { $comment_link = trailingslashit( $comment_link ) . $wp_rewrite->comments_pagination_base . '-' . $cpage; } else { $comment_link = add_query_arg( 'cpage', $cpage, $comment_link ); } } if ( $wp_rewrite->using_permalinks() ) { $comment_link = user_trailingslashit( $comment_link, 'comment' ); } $comment_link = $comment_link . '#comment-' . $comment->comment_ID; /** * Filters the returned single comment permalink. * * @since 2.8.0 * @since 4.4.0 Added the `$cpage` parameter. * * @see get_page_of_comment() * * @param string $comment_link The comment permalink with '#comment-$id' appended. * @param WP_Comment $comment The current comment object. * @param array $args An array of arguments to override the defaults. * @param int $cpage The calculated 'cpage' value. */ return apply_filters( 'get_comment_link', $comment_link, $comment, $args, $cpage ); } /** * Retrieves the link to the current post comments. * * @since 1.5.0 * * @param int|WP_Post $post Optional. Post ID or WP_Post object. Default is global $post. * @return string The link to the comments. */ function get_comments_link( $post = 0 ) { $hash = get_comments_number( $post ) ? '#comments' : '#respond'; $comments_link = get_permalink( $post ) . $hash; /** * Filters the returned post comments permalink. * * @since 3.6.0 * * @param string $comments_link Post comments permalink with '#comments' appended. * @param int|WP_Post $post Post ID or WP_Post object. */ return apply_filters( 'get_comments_link', $comments_link, $post ); } /** * Displays the link to the current post comments. * * @since 0.71 * * @param string $deprecated Not Used. * @param string $deprecated_2 Not Used. */ function comments_link( $deprecated = '', $deprecated_2 = '' ) { if ( ! empty( $deprecated ) ) { _deprecated_argument( __FUNCTION__, '0.72' ); } if ( ! empty( $deprecated_2 ) ) { _deprecated_argument( __FUNCTION__, '1.3.0' ); } echo esc_url( get_comments_link() ); } /** * Retrieves the amount of comments a post has. * * @since 1.5.0 * * @param int|WP_Post $post Optional. Post ID or WP_Post object. Default is the global `$post`. * @return string|int If the post exists, a numeric string representing the number of comments * the post has, otherwise 0. */ function get_comments_number( $post = 0 ) { $post = get_post( $post ); $comments_number = $post ? $post->comment_count : 0; $post_id = $post ? $post->ID : 0; /** * Filters the returned comment count for a post. * * @since 1.5.0 * * @param string|int $comments_number A string representing the number of comments a post has, otherwise 0. * @param int $post_id Post ID. */ return apply_filters( 'get_comments_number', $comments_number, $post_id ); } /** * Displays the language string for the number of comments the current post has. * * @since 0.71 * @since 5.4.0 The `$deprecated` parameter was changed to `$post`. * * @param string|false $zero Optional. Text for no comments. Default false. * @param string|false $one Optional. Text for one comment. Default false. * @param string|false $more Optional. Text for more than one comment. Default false. * @param int|WP_Post $post Optional. Post ID or WP_Post object. Default is the global `$post`. */ function comments_number( $zero = false, $one = false, $more = false, $post = 0 ) { echo get_comments_number_text( $zero, $one, $more, $post ); } /** * Displays the language string for the number of comments the current post has. * * @since 4.0.0 * @since 5.4.0 Added the `$post` parameter to allow using the function outside of the loop. * * @param string|false $zero Optional. Text for no comments. Default false. * @param string|false $one Optional. Text for one comment. Default false. * @param string|false $more Optional. Text for more than one comment. Default false. * @param int|WP_Post $post Optional. Post ID or WP_Post object. Default is the global `$post`. * @return string Language string for the number of comments a post has. */ function get_comments_number_text( $zero = false, $one = false, $more = false, $post = 0 ) { $comments_number = (int) get_comments_number( $post ); if ( $comments_number > 1 ) { if ( false === $more ) { $comments_number_text = sprintf( /* translators: %s: Number of comments. */ _n( '%s Comment', '%s Comments', $comments_number ), number_format_i18n( $comments_number ) ); } else { // % Comments /* * translators: If comment number in your language requires declension, * translate this to 'on'. Do not translate into your own language. */ if ( 'on' === _x( 'off', 'Comment number declension: on or off' ) ) { $text = preg_replace( '#<span class="screen-reader-text">.+?</span>#', '', $more ); $text = preg_replace( '/&.+?;/', '', $text ); // Remove HTML entities. $text = trim( strip_tags( $text ), '% ' ); // Replace '% Comments' with a proper plural form. if ( $text && ! preg_match( '/[0-9]+/', $text ) && str_contains( $more, '%' ) ) { /* translators: %s: Number of comments. */ $new_text = _n( '%s Comment', '%s Comments', $comments_number ); $new_text = trim( sprintf( $new_text, '' ) ); $more = str_replace( $text, $new_text, $more ); if ( ! str_contains( $more, '%' ) ) { $more = '% ' . $more; } } } $comments_number_text = str_replace( '%', number_format_i18n( $comments_number ), $more ); } } elseif ( 0 === $comments_number ) { $comments_number_text = ( false === $zero ) ? __( 'No Comments' ) : $zero; } else { // Must be one. $comments_number_text = ( false === $one ) ? __( '1 Comment' ) : $one; } /** * Filters the comments count for display. * * @since 1.5.0 * * @see _n() * * @param string $comments_number_text A translatable string formatted based on whether the count * is equal to 0, 1, or 1+. * @param int $comments_number The number of post comments. */ return apply_filters( 'comments_number', $comments_number_text, $comments_number ); } /** * Retrieves the text of the current comment. * * @since 1.5.0 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * @since 5.4.0 Added 'In reply to %s.' prefix to child comments in comments feed. * * @see Walker_Comment::comment() * * @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to get the text. * Default current comment. * @param array $args Optional. An array of arguments. Default empty array. * @return string The comment content. */ function get_comment_text( $comment_id = 0, $args = array() ) { $comment = get_comment( $comment_id ); $comment_text = $comment->comment_content; if ( is_comment_feed() && $comment->comment_parent ) { $parent = get_comment( $comment->comment_parent ); if ( $parent ) { $parent_link = esc_url( get_comment_link( $parent ) ); $name = get_comment_author( $parent ); $comment_text = sprintf( /* translators: %s: Comment link. */ ent2ncr( __( 'In reply to %s.' ) ), '<a href="' . $parent_link . '">' . $name . '</a>' ) . "\n\n" . $comment_text; } } /** * Filters the text of a comment. * * @since 1.5.0 * * @see Walker_Comment::comment() * * @param string $comment_text Text of the comment. * @param WP_Comment $comment The comment object. * @param array $args An array of arguments. */ return apply_filters( 'get_comment_text', $comment_text, $comment, $args ); } /** * Displays the text of the current comment. * * @since 0.71 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @see Walker_Comment::comment() * * @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to print the text. * Default current comment. * @param array $args Optional. An array of arguments. Default empty array. */ function comment_text( $comment_id = 0, $args = array() ) { $comment = get_comment( $comment_id ); $comment_text = get_comment_text( $comment, $args ); /** * Filters the text of a comment to be displayed. * * @since 1.2.0 * * @see Walker_Comment::comment() * * @param string $comment_text Text of the comment. * @param WP_Comment|null $comment The comment object. Null if not found. * @param array $args An array of arguments. */ echo apply_filters( 'comment_text', $comment_text, $comment, $args ); } /** * Retrieves the comment time of the current comment. * * @since 1.5.0 * @since 6.2.0 Added the `$comment_id` parameter. * * @param string $format Optional. PHP date format. Defaults to the 'time_format' option. * @param bool $gmt Optional. Whether to use the GMT date. Default false. * @param bool $translate Optional. Whether to translate the time (for use in feeds). * Default true. * @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to get the time. * Default current comment. * @return string The formatted time. */ function get_comment_time( $format = '', $gmt = false, $translate = true, $comment_id = 0 ) { $comment = get_comment( $comment_id ); if ( null === $comment ) { return ''; } $comment_date = $gmt ? $comment->comment_date_gmt : $comment->comment_date; $_format = ! empty( $format ) ? $format : get_option( 'time_format' ); $comment_time = mysql2date( $_format, $comment_date, $translate ); /** * Filters the returned comment time. * * @since 1.5.0 * * @param string|int $comment_time The comment time, formatted as a date string or Unix timestamp. * @param string $format PHP date format. * @param bool $gmt Whether the GMT date is in use. * @param bool $translate Whether the time is translated. * @param WP_Comment $comment The comment object. */ return apply_filters( 'get_comment_time', $comment_time, $format, $gmt, $translate, $comment ); } /** * Displays the comment time of the current comment. * * @since 0.71 * @since 6.2.0 Added the `$comment_id` parameter. * * @param string $format Optional. PHP time format. Defaults to the 'time_format' option. * @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to print the time. * Default current comment. */ function comment_time( $format = '', $comment_id = 0 ) { echo get_comment_time( $format, false, true, $comment_id ); } /** * Retrieves the comment type of the current comment. * * @since 1.5.0 * @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object. * * @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to get the type. * Default current comment. * @return string The comment type. */ function get_comment_type( $comment_id = 0 ) { $comment = get_comment( $comment_id ); if ( '' === $comment->comment_type ) { $comment->comment_type = 'comment'; } /** * Filters the returned comment type. * * @since 1.5.0 * @since 4.1.0 The `$comment_id` and `$comment` parameters were added. * * @param string $comment_type The type of comment, such as 'comment', 'pingback', or 'trackback'. * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment object. */ return apply_filters( 'get_comment_type', $comment->comment_type, $comment->comment_ID, $comment ); } /** * Displays the comment type of the current comment. * * @since 0.71 * * @param string|false $comment_text Optional. String to display for comment type. Default false. * @param string|false $trackback_text Optional. String to display for trackback type. Default false. * @param string|false $pingback_text Optional. String to display for pingback type. Default false. */ function comment_type( $comment_text = false, $trackback_text = false, $pingback_text = false ) { if ( false === $comment_text ) { $comment_text = _x( 'Comment', 'noun' ); } if ( false === $trackback_text ) { $trackback_text = __( 'Trackback' ); } if ( false === $pingback_text ) { $pingback_text = __( 'Pingback' ); } $type = get_comment_type(); switch ( $type ) { case 'trackback': echo $trackback_text; break; case 'pingback': echo $pingback_text; break; default: echo $comment_text; } } /** * Retrieves the current post's trackback URL. * * There is a check to see if permalink's have been enabled and if so, will * retrieve the pretty path. If permalinks weren't enabled, the ID of the * current post is used and appended to the correct page to go to. * * @since 1.5.0 * * @return string The trackback URL after being filtered. */ function get_trackback_url() { if ( get_option( 'permalink_structure' ) ) { $trackback_url = trailingslashit( get_permalink() ) . user_trailingslashit( 'trackback', 'single_trackback' ); } else { $trackback_url = get_option( 'siteurl' ) . '/wp-trackback.php?p=' . get_the_ID(); } /** * Filters the returned trackback URL. * * @since 2.2.0 * * @param string $trackback_url The trackback URL. */ return apply_filters( 'trackback_url', $trackback_url ); } /** * Displays the current post's trackback URL. * * @since 0.71 * * @param bool $deprecated_echo Not used. * @return void|string Should only be used to echo the trackback URL, use get_trackback_url() * for the result instead. */ function trackback_url( $deprecated_echo = true ) { if ( true !== $deprecated_echo ) { _deprecated_argument( __FUNCTION__, '2.5.0', sprintf( /* translators: %s: get_trackback_url() */ __( 'Use %s instead if you do not want the value echoed.' ), '<code>get_trackback_url()</code>' ) ); } if ( $deprecated_echo ) { echo get_trackback_url(); } else { return get_trackback_url(); } } /** * Generates and displays the RDF for the trackback information of current post. * * Deprecated in 3.0.0, and restored in 3.0.1. * * @since 0.71 * * @param int|string $deprecated Not used (Was $timezone = 0). */ function trackback_rdf( $deprecated = '' ) { if ( ! empty( $deprecated ) ) { _deprecated_argument( __FUNCTION__, '2.5.0' ); } if ( isset( $_SERVER['HTTP_USER_AGENT'] ) && false !== stripos( $_SERVER['HTTP_USER_AGENT'], 'W3C_Validator' ) ) { return; } echo '<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="'; the_permalink(); echo '"' . "\n"; echo ' dc:identifier="'; the_permalink(); echo '"' . "\n"; echo ' dc:title="' . str_replace( '--', '--', wptexturize( strip_tags( get_the_title() ) ) ) . '"' . "\n"; echo ' trackback:ping="' . get_trackback_url() . '"' . " />\n"; echo '</rdf:RDF>'; } /** * Determines whether the current post is open for comments. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @param int|WP_Post $post Optional. Post ID or WP_Post object. Default current post. * @return bool True if the comments are open. */ function comments_open( $post = null ) { $_post = get_post( $post ); $post_id = $_post ? $_post->ID : 0; $comments_open = ( $_post && ( 'open' === $_post->comment_status ) ); /** * Filters whether the current post is open for comments. * * @since 2.5.0 * * @param bool $comments_open Whether the current post is open for comments. * @param int $post_id The post ID. */ return apply_filters( 'comments_open', $comments_open, $post_id ); } /** * Determines whether the current post is open for pings. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @param int|WP_Post $post Optional. Post ID or WP_Post object. Default current post. * @return bool True if pings are accepted */ function pings_open( $post = null ) { $_post = get_post( $post ); $post_id = $_post ? $_post->ID : 0; $pings_open = ( $_post && ( 'open' === $_post->ping_status ) ); /** * Filters whether the current post is open for pings. * * @since 2.5.0 * * @param bool $pings_open Whether the current post is open for pings. * @param int $post_id The post ID. */ return apply_filters( 'pings_open', $pings_open, $post_id ); } /** * Displays form token for unfiltered comments. * * Will only display nonce token if the current user has permissions for * unfiltered html. Won't display the token for other users. * * The function was backported to 2.0.10 and was added to versions 2.1.3 and * above. Does not exist in versions prior to 2.0.10 in the 2.0 branch and in * the 2.1 branch, prior to 2.1.3. Technically added in 2.2.0. * * Backported to 2.0.10. * * @since 2.1.3 */ function wp_comment_form_unfiltered_html_nonce() { $post = get_post(); $post_id = $post ? $post->ID : 0; if ( current_user_can( 'unfiltered_html' ) ) { wp_nonce_field( 'unfiltered-html-comment_' . $post_id, '_wp_unfiltered_html_comment_disabled', false ); wp_print_inline_script_tag( "(function(){if(window===window.parent){document.getElementById('_wp_unfiltered_html_comment_disabled').name='_wp_unfiltered_html_comment';}})();\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) ); } } /** * Loads the comment template specified in $file. * * Will not display the comments template if not on single post or page, or if * the post does not have comments. * * Uses the WordPress database object to query for the comments. The comments * are passed through the {@see 'comments_array'} filter hook with the list of comments * and the post ID respectively. * * The `$file` path is passed through a filter hook called {@see 'comments_template'}, * which includes the template directory and $file combined. Tries the $filtered path * first and if it fails it will require the default comment template from the * default theme. If either does not exist, then the WordPress process will be * halted. It is advised for that reason, that the default theme is not deleted. * * Will not try to get the comments if the post has none. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. * @global WP_Post $post Global post object. * @global wpdb $wpdb WordPress database abstraction object. * @global int $id * @global WP_Comment $comment Global comment object. * @global string $user_login * @global string $user_identity * @global bool $overridden_cpage * @global bool $withcomments * @global string $wp_stylesheet_path Path to current theme's stylesheet directory. * @global string $wp_template_path Path to current theme's template directory. * * @param string $file Optional. The file to load. Default '/comments.php'. * @param bool $separate_comments Optional. Whether to separate the comments by comment type. * Default false. */ function comments_template( $file = '/comments.php', $separate_comments = false ) { global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_identity, $overridden_cpage, $wp_stylesheet_path, $wp_template_path; if ( ! ( is_single() || is_page() || $withcomments ) || empty( $post ) ) { return; } if ( empty( $file ) ) { $file = '/comments.php'; } $req = get_option( 'require_name_email' ); /* * Comment author information fetched from the comment cookies. */ $commenter = wp_get_current_commenter(); /* * The name of the current comment author escaped for use in attributes. * Escaped by sanitize_comment_cookies(). */ $comment_author = $commenter['comment_author']; /* * The email address of the current comment author escaped for use in attributes. * Escaped by sanitize_comment_cookies(). */ $comment_author_email = $commenter['comment_author_email']; /* * The URL of the current comment author escaped for use in attributes. */ $comment_author_url = esc_url( $commenter['comment_author_url'] ); $comment_args = array( 'orderby' => 'comment_date_gmt', 'order' => 'ASC', 'status' => 'approve', 'post_id' => $post->ID, 'no_found_rows' => false, ); if ( get_option( 'thread_comments' ) ) { $comment_args['hierarchical'] = 'threaded'; } else { $comment_args['hierarchical'] = false; } if ( is_user_logged_in() ) { $comment_args['include_unapproved'] = array( get_current_user_id() ); } else { $unapproved_email = wp_get_unapproved_comment_author_email(); if ( $unapproved_email ) { $comment_args['include_unapproved'] = array( $unapproved_email ); } } $per_page = 0; if ( get_option( 'page_comments' ) ) { $per_page = (int) get_query_var( 'comments_per_page' ); if ( 0 === $per_page ) { $per_page = (int) get_option( 'comments_per_page' ); } $comment_args['number'] = $per_page; $page = (int) get_query_var( 'cpage' ); if ( $page ) { $comment_args['offset'] = ( $page - 1 ) * $per_page; } elseif ( 'oldest' === get_option( 'default_comments_page' ) ) { $comment_args['offset'] = 0; } else { // If fetching the first page of 'newest', we need a top-level comment count. $top_level_query = new WP_Comment_Query(); $top_level_args = array( 'count' => true, 'orderby' => false, 'post_id' => $post->ID, 'status' => 'approve', ); if ( $comment_args['hierarchical'] ) { $top_level_args['parent'] = 0; } if ( isset( $comment_args['include_unapproved'] ) ) { $top_level_args['include_unapproved'] = $comment_args['include_unapproved']; } /** * Filters the arguments used in the top level comments query. * * @since 5.6.0 * * @see WP_Comment_Query::__construct() * * @param array $top_level_args { * The top level query arguments for the comments template. * * @type bool $count Whether to return a comment count. * @type string|array $orderby The field(s) to order by. * @type int $post_id The post ID. * @type string|array $status The comment status to limit results by. * } */ $top_level_args = apply_filters( 'comments_template_top_level_query_args', $top_level_args ); $top_level_count = $top_level_query->query( $top_level_args ); $comment_args['offset'] = ( (int) ceil( $top_level_count / $per_page ) - 1 ) * $per_page; } } /** * Filters the arguments used to query comments in comments_template(). * * @since 4.5.0 * * @see WP_Comment_Query::__construct() * * @param array $comment_args { * Array of WP_Comment_Query arguments. * * @type string|array $orderby Field(s) to order by. * @type string $order Order of results. Accepts 'ASC' or 'DESC'. * @type string $status Comment status. * @type array $include_unapproved Array of IDs or email addresses whose unapproved comments * will be included in results. * @type int $post_id ID of the post. * @type bool $no_found_rows Whether to refrain from querying for found rows. * @type bool $update_comment_meta_cache Whether to prime cache for comment meta. * @type bool|string $hierarchical Whether to query for comments hierarchically. * @type int $offset Comment offset. * @type int $number Number of comments to fetch. * } */ $comment_args = apply_filters( 'comments_template_query_args', $comment_args ); $comment_query = new WP_Comment_Query( $comment_args ); $_comments = $comment_query->comments; // Trees must be flattened before they're passed to the walker. if ( $comment_args['hierarchical'] ) { $comments_flat = array(); foreach ( $_comments as $_comment ) { $comments_flat[] = $_comment; $comment_children = $_comment->get_children( array( 'format' => 'flat', 'status' => $comment_args['status'], 'orderby' => $comment_args['orderby'], ) ); foreach ( $comment_children as $comment_child ) { $comments_flat[] = $comment_child; } } } else { $comments_flat = $_comments; } /** * Filters the comments array. * * @since 2.1.0 * * @param array $comments Array of comments supplied to the comments template. * @param int $post_id Post ID. */ $wp_query->comments = apply_filters( 'comments_array', $comments_flat, $post->ID ); $comments = &$wp_query->comments; $wp_query->comment_count = count( $wp_query->comments ); $wp_query->max_num_comment_pages = $comment_query->max_num_pages; if ( $separate_comments ) { $wp_query->comments_by_type = separate_comments( $comments ); $comments_by_type = &$wp_query->comments_by_type; } else { $wp_query->comments_by_type = array(); } $overridden_cpage = false; if ( '' === get_query_var( 'cpage' ) && $wp_query->max_num_comment_pages > 1 ) { set_query_var( 'cpage', 'newest' === get_option( 'default_comments_page' ) ? get_comment_pages_count() : 1 ); $overridden_cpage = true; } if ( ! defined( 'COMMENTS_TEMPLATE' ) ) { define( 'COMMENTS_TEMPLATE', true ); } $theme_template = trailingslashit( $wp_stylesheet_path ) . $file; /** * Filters the path to the theme template file used for the comments template. * * @since 1.5.1 * * @param string $theme_template The path to the theme template file. */ $include = apply_filters( 'comments_template', $theme_template ); if ( file_exists( $include ) ) { require $include; } elseif ( file_exists( trailingslashit( $wp_template_path ) . $file ) ) { require trailingslashit( $wp_template_path ) . $file; } else { // Backward compat code will be removed in a future release. require ABSPATH . WPINC . '/theme-compat/comments.php'; } } /** * Displays the link to the comments for the current post ID. * * @since 0.71 * * @param false|string $zero Optional. String to display when no comments. Default false. * @param false|string $one Optional. String to display when only one comment is available. Default false. * @param false|string $more Optional. String to display when there are more than one comment. Default false. * @param string $css_class Optional. CSS class to use for comments. Default empty. * @param false|string $none Optional. String to display when comments have been turned off. Default false. */ function comments_popup_link( $zero = false, $one = false, $more = false, $css_class = '', $none = false ) { $post_id = get_the_ID(); $post_title = get_the_title(); $comments_number = (int) get_comments_number( $post_id ); if ( false === $zero ) { /* translators: %s: Post title. */ $zero = sprintf( __( 'No Comments<span class="screen-reader-text"> on %s</span>' ), $post_title ); } if ( false === $one ) { /* translators: %s: Post title. */ $one = sprintf( __( '1 Comment<span class="screen-reader-text"> on %s</span>' ), $post_title ); } if ( false === $more ) { /* translators: 1: Number of comments, 2: Post title. */ $more = _n( '%1$s Comment<span class="screen-reader-text"> on %2$s</span>', '%1$s Comments<span class="screen-reader-text"> on %2$s</span>', $comments_number ); $more = sprintf( $more, number_format_i18n( $comments_number ), $post_title ); } if ( false === $none ) { /* translators: %s: Post title. */ $none = sprintf( __( 'Comments Off<span class="screen-reader-text"> on %s</span>' ), $post_title ); } if ( 0 === $comments_number && ! comments_open() && ! pings_open() ) { printf( '<span%1$s>%2$s</span>', ! empty( $css_class ) ? ' class="' . esc_attr( $css_class ) . '"' : '', $none ); return; } if ( post_password_required() ) { _e( 'Enter your password to view comments.' ); return; } if ( 0 === $comments_number ) { $respond_link = get_permalink() . '#respond'; /** * Filters the respond link when a post has no comments. * * @since 4.4.0 * * @param string $respond_link The default response link. * @param int $post_id The post ID. */ $comments_link = apply_filters( 'respond_link', $respond_link, $post_id ); } else { $comments_link = get_comments_link(); } $link_attributes = ''; /** * Filters the comments link attributes for display. * * @since 2.5.0 * * @param string $link_attributes The comments link attributes. Default empty. */ $link_attributes = apply_filters( 'comments_popup_link_attributes', $link_attributes ); printf( '<a href="%1$s"%2$s%3$s>%4$s</a>', esc_url( $comments_link ), ! empty( $css_class ) ? ' class="' . $css_class . '" ' : '', $link_attributes, get_comments_number_text( $zero, $one, $more ) ); } /** * Retrieves HTML content for reply to comment link. * * @since 2.7.0 * @since 4.4.0 Added the ability for `$comment` to also accept a WP_Comment object. * * @param array $args { * Optional. Override default arguments. * * @type string $add_below The first part of the selector used to identify the comment to respond below. * The resulting value is passed as the first parameter to addComment.moveForm(), * concatenated as $add_below-$comment->comment_ID. Default 'comment'. * @type string $respond_id The selector identifying the responding comment. Passed as the third parameter * to addComment.moveForm(), and appended to the link URL as a hash value. * Default 'respond'. * @type string $reply_text The visible text of the Reply link. Default 'Reply'. * @type string $reply_to_text The accessible name of the Reply link, using `%s` as a placeholder * for the comment author's name. Default 'Reply to %s'. * Should start with the visible `reply_text` value. * @type bool $show_reply_to_text Whether to use `reply_to_text` as visible link text. Default false. * @type string $login_text The text of the link to reply if logged out. Default 'Log in to Reply'. * @type int $max_depth The max depth of the comment tree. Default 0. * @type int $depth The depth of the new comment. Must be greater than 0 and less than the value * of the 'thread_comments_depth' option set in Settings > Discussion. Default 0. * @type string $before The text or HTML to add before the reply link. Default empty. * @type string $after The text or HTML to add after the reply link. Default empty. * } * @param int|WP_Comment $comment Optional. Comment being replied to. Default current comment. * @param int|WP_Post $post Optional. Post ID or WP_Post object the comment is going to be displayed on. * Default current post. * @return string|false|null Link to show comment form on success. False if comments are closed. Null on failure. */ function get_comment_reply_link( $args = array(), $comment = null, $post = null ) { $defaults = array( 'add_below' => 'comment', 'respond_id' => 'respond', 'reply_text' => __( 'Reply' ), /* translators: Comment reply button text. %s: Comment author name. */ 'reply_to_text' => __( 'Reply to %s' ), 'login_text' => __( 'Log in to Reply' ), 'max_depth' => 0, 'depth' => 0, 'before' => '', 'after' => '', 'show_reply_to_text' => false, ); $args = wp_parse_args( $args, $defaults ); $args['max_depth'] = (int) $args['max_depth']; $args['depth'] = (int) $args['depth']; if ( 0 === $args['depth'] || $args['max_depth'] <= $args['depth'] ) { return null; } $comment = get_comment( $comment ); if ( empty( $comment ) ) { return null; } if ( empty( $post ) ) { $post = $comment->comment_post_ID; } $post = get_post( $post ); if ( ! comments_open( $post->ID ) ) { return false; } if ( get_option( 'page_comments' ) ) { $permalink = str_replace( '#comment-' . $comment->comment_ID, '', get_comment_link( $comment ) ); } else { $permalink = get_permalink( $post->ID ); } /** * Filters the comment reply link arguments. * * @since 4.1.0 * * @param array $args Comment reply link arguments. See get_comment_reply_link() * for more information on accepted arguments. * @param WP_Comment $comment The object of the comment being replied to. * @param WP_Post $post The WP_Post object. */ $args = apply_filters( 'comment_reply_link_args', $args, $comment, $post ); if ( get_option( 'comment_registration' ) && ! is_user_logged_in() ) { $link = sprintf( '<a rel="nofollow" class="comment-reply-login" href="%s">%s</a>', esc_url( wp_login_url( get_permalink() ) ), $args['login_text'] ); } else { $data_attributes = array( 'commentid' => $comment->comment_ID, 'postid' => $post->ID, 'belowelement' => $args['add_below'] . '-' . $comment->comment_ID, 'respondelement' => $args['respond_id'], 'replyto' => sprintf( $args['reply_to_text'], get_comment_author( $comment ) ), ); $data_attribute_string = ''; foreach ( $data_attributes as $name => $value ) { $data_attribute_string .= " data-{$name}=\"" . esc_attr( $value ) . '"'; } $data_attribute_string = trim( $data_attribute_string ); $reply_text = $args['show_reply_to_text'] ? sprintf( $args['reply_to_text'], get_comment_author( $comment ) ) : $args['reply_text']; $aria_label = $args['show_reply_to_text'] ? '' : sprintf( $args['reply_to_text'], get_comment_author( $comment ) ); $link = sprintf( '<a rel="nofollow" class="comment-reply-link" href="%s" %s%s>%s</a>', esc_url( add_query_arg( array( 'replytocom' => $comment->comment_ID, 'unapproved' => false, 'moderation-hash' => false, ), $permalink ) ) . '#' . $args['respond_id'], $data_attribute_string, $aria_label ? ' aria-label="' . esc_attr( $aria_label ) . '"' : '', $reply_text ); } $comment_reply_link = $args['before'] . $link . $args['after']; /** * Filters the comment reply link. * * @since 2.7.0 * * @param string $comment_reply_link The HTML markup for the comment reply link. * @param array $args An array of arguments overriding the defaults. * @param WP_Comment $comment The object of the comment being replied. * @param WP_Post $post The WP_Post object. */ return apply_filters( 'comment_reply_link', $comment_reply_link, $args, $comment, $post ); } /** * Displays the HTML content for reply to comment link. * * @since 2.7.0 * * @see get_comment_reply_link() * * @param array $args Optional. Override default options. Default empty array. * @param int|WP_Comment $comment Optional. Comment being replied to. Default current comment. * @param int|WP_Post $post Optional. Post ID or WP_Post object the comment is going to be displayed on. * Default current post. */ function comment_reply_link( $args = array(), $comment = null, $post = null ) { echo get_comment_reply_link( $args, $comment, $post ); } /** * Retrieves HTML content for reply to post link. * * @since 2.7.0 * * @param array $args { * Optional. Override default arguments. * * @type string $add_below The first part of the selector used to identify the comment to respond below. * The resulting value is passed as the first parameter to addComment.moveForm(), * concatenated as $add_below-$comment->comment_ID. Default is 'post'. * @type string $respond_id The selector identifying the responding comment. Passed as the third parameter * to addComment.moveForm(), and appended to the link URL as a hash value. * Default 'respond'. * @type string $reply_text Text of the Reply link. Default is 'Leave a Comment'. * @type string $login_text Text of the link to reply if logged out. Default is 'Log in to leave a Comment'. * @type string $before Text or HTML to add before the reply link. Default empty. * @type string $after Text or HTML to add after the reply link. Default empty. * } * @param int|WP_Post $post Optional. Post ID or WP_Post object the comment is going to be displayed on. * Default current post. * @return string|false Link to show comment form on success. False if comments are closed. */ function get_post_reply_link( $args = array(), $post = null ) { $defaults = array( 'add_below' => 'post', 'respond_id' => 'respond', 'reply_text' => __( 'Leave a Comment' ), 'login_text' => __( 'Log in to leave a Comment' ), 'before' => '', 'after' => '', ); $args = wp_parse_args( $args, $defaults ); $post = get_post( $post ); if ( ! comments_open( $post->ID ) ) { return false; } if ( get_option( 'comment_registration' ) && ! is_user_logged_in() ) { $link = sprintf( '<a rel="nofollow" class="comment-reply-login" href="%s">%s</a>', wp_login_url( get_permalink() ), $args['login_text'] ); } else { $onclick = sprintf( 'return addComment.moveForm( "%1$s-%2$s", "0", "%3$s", "%2$s" )', $args['add_below'], $post->ID, $args['respond_id'] ); $link = sprintf( "<a rel='nofollow' class='comment-reply-link' href='%s' onclick='%s'>%s</a>", get_permalink( $post->ID ) . '#' . $args['respond_id'], $onclick, $args['reply_text'] ); } $post_reply_link = $args['before'] . $link . $args['after']; /** * Filters the formatted post comments link HTML. * * @since 2.7.0 * * @param string $post_reply_link The HTML-formatted post comments link. * @param int|WP_Post $post The post ID or WP_Post object. */ return apply_filters( 'post_comments_link', $post_reply_link, $post ); } /** * Displays the HTML content for reply to post link. * * @since 2.7.0 * * @see get_post_reply_link() * * @param array $args Optional. Override default options. Default empty array. * @param int|WP_Post $post Optional. Post ID or WP_Post object the comment is going to be displayed on. * Default current post. */ function post_reply_link( $args = array(), $post = null ) { echo get_post_reply_link( $args, $post ); } /** * Retrieves HTML content for cancel comment reply link. * * @since 2.7.0 * @since 6.2.0 Added the `$post` parameter. * * @param string $link_text Optional. Text to display for cancel reply link. If empty, * defaults to 'Click here to cancel reply'. Default empty. * @param int|WP_Post|null $post Optional. The post the comment thread is being * displayed for. Defaults to the current global post. * @return string */ function get_cancel_comment_reply_link( $link_text = '', $post = null ) { if ( empty( $link_text ) ) { $link_text = __( 'Click here to cancel reply.' ); } $post = get_post( $post ); $reply_to_id = $post ? _get_comment_reply_id( $post->ID ) : 0; $link_style = 0 !== $reply_to_id ? '' : ' style="display:none;"'; $link_url = esc_url( remove_query_arg( array( 'replytocom', 'unapproved', 'moderation-hash' ) ) ) . '#respond'; $cancel_comment_reply_link = sprintf( '<a rel="nofollow" id="cancel-comment-reply-link" href="%1$s"%2$s>%3$s</a>', $link_url, $link_style, $link_text ); /** * Filters the cancel comment reply link HTML. * * @since 2.7.0 * * @param string $cancel_comment_reply_link The HTML-formatted cancel comment reply link. * @param string $link_url Cancel comment reply link URL. * @param string $link_text Cancel comment reply link text. */ return apply_filters( 'cancel_comment_reply_link', $cancel_comment_reply_link, $link_url, $link_text ); } /** * Displays HTML content for cancel comment reply link. * * @since 2.7.0 * * @param string $link_text Optional. Text to display for cancel reply link. If empty, * defaults to 'Click here to cancel reply'. Default empty. */ function cancel_comment_reply_link( $link_text = '' ) { echo get_cancel_comment_reply_link( $link_text ); } /** * Retrieves hidden input HTML for replying to comments. * * @since 3.0.0 * @since 6.2.0 Renamed `$post_id` to `$post` and added WP_Post support. * * @param int|WP_Post|null $post Optional. The post the comment is being displayed for. * Defaults to the current global post. * @return string Hidden input HTML for replying to comments. */ function get_comment_id_fields( $post = null ) { $post = get_post( $post ); if ( ! $post ) { return ''; } $post_id = $post->ID; $reply_to_id = _get_comment_reply_id( $post_id ); $comment_id_fields = "<input type='hidden' name='comment_post_ID' value='$post_id' id='comment_post_ID' />\n"; $comment_id_fields .= "<input type='hidden' name='comment_parent' id='comment_parent' value='$reply_to_id' />\n"; /** * Filters the returned comment ID fields. * * @since 3.0.0 * * @param string $comment_id_fields The HTML-formatted hidden ID field comment elements. * @param int $post_id The post ID. * @param int $reply_to_id The ID of the comment being replied to. */ return apply_filters( 'comment_id_fields', $comment_id_fields, $post_id, $reply_to_id ); } /** * Outputs hidden input HTML for replying to comments. * * Adds two hidden inputs to the comment form to identify the `comment_post_ID` * and `comment_parent` values for threaded comments. * * This tag must be within the `<form>` section of the `comments.php` template. * * @since 2.7.0 * @since 6.2.0 Renamed `$post_id` to `$post` and added WP_Post support. * * @see get_comment_id_fields() * * @param int|WP_Post|null $post Optional. The post the comment is being displayed for. * Defaults to the current global post. */ function comment_id_fields( $post = null ) { echo get_comment_id_fields( $post ); } /** * Displays text based on comment reply status. * * Only affects users with JavaScript disabled. * * {@internal The $comment global must be present to allow template tags access to the current * comment. See https://core.trac.wordpress.org/changeset/36512.} * * @since 2.7.0 * @since 6.2.0 Added the `$post` parameter. * * @global WP_Comment $comment Global comment object. * * @param string|false $no_reply_text Optional. Text to display when not replying to a comment. * Default false. * @param string|false $reply_text Optional. Text to display when replying to a comment. * Default false. Accepts "%s" for the author of the comment * being replied to. * @param bool $link_to_parent Optional. Boolean to control making the author's name a link * to their comment. Default true. * @param int|WP_Post|null $post Optional. The post that the comment form is being displayed for. * Defaults to the current global post. */ function comment_form_title( $no_reply_text = false, $reply_text = false, $link_to_parent = true, $post = null ) { global $comment; if ( false === $no_reply_text ) { $no_reply_text = __( 'Leave a Reply' ); } if ( false === $reply_text ) { /* translators: %s: Author of the comment being replied to. */ $reply_text = __( 'Leave a Reply to %s' ); } $post = get_post( $post ); if ( ! $post ) { echo $no_reply_text; return; } $reply_to_id = _get_comment_reply_id( $post->ID ); if ( 0 === $reply_to_id ) { echo $no_reply_text; return; } // Sets the global so that template tags can be used in the comment form. $comment = get_comment( $reply_to_id ); if ( $link_to_parent ) { $comment_author = sprintf( '<a href="#comment-%1$s">%2$s</a>', get_comment_ID(), get_comment_author( $reply_to_id ) ); } else { $comment_author = get_comment_author( $reply_to_id ); } printf( $reply_text, $comment_author ); } /** * Gets the comment's reply to ID from the $_GET['replytocom']. * * @since 6.2.0 * * @access private * * @param int|WP_Post $post The post the comment is being displayed for. * Defaults to the current global post. * @return int Comment's reply to ID. */ function _get_comment_reply_id( $post = null ) { $post = get_post( $post ); if ( ! $post || ! isset( $_GET['replytocom'] ) || ! is_numeric( $_GET['replytocom'] ) ) { return 0; } $reply_to_id = (int) $_GET['replytocom']; /* * Validate the comment. * Bail out if it does not exist, is not approved, or its * `comment_post_ID` does not match the given post ID. */ $comment = get_comment( $reply_to_id ); if ( ! $comment instanceof WP_Comment || 0 === (int) $comment->comment_approved || $post->ID !== (int) $comment->comment_post_ID ) { return 0; } return $reply_to_id; } /** * Displays a list of comments. * * Used in the comments.php template to list comments for a particular post. * * @since 2.7.0 * * @see WP_Query::$comments * * @global WP_Query $wp_query WordPress Query object. * @global int $comment_alt * @global int $comment_depth * @global int $comment_thread_alt * @global bool $overridden_cpage * @global bool $in_comment_loop * * @param string|array $args { * Optional. Formatting options. * * @type object $walker Instance of a Walker class to list comments. Default null. * @type int $max_depth The maximum comments depth. Default empty. * @type string $style The style of list ordering. Accepts 'ul', 'ol', or 'div'. * 'div' will result in no additional list markup. Default 'ul'. * @type callable $callback Callback function to use. Default null. * @type callable $end-callback Callback function to use at the end. Default null. * @type string $type Type of comments to list. Accepts 'all', 'comment', * 'pingback', 'trackback', 'pings'. Default 'all'. * @type int $page Page ID to list comments for. Default empty. * @type int $per_page Number of comments to list per page. Default empty. * @type int $avatar_size Height and width dimensions of the avatar size. Default 32. * @type bool $reverse_top_level Ordering of the listed comments. If true, will display * newest comments first. Default null. * @type bool $reverse_children Whether to reverse child comments in the list. Default null. * @type string $format How to format the comments list. Accepts 'html5', 'xhtml'. * Default 'html5' if the theme supports it. * @type bool $short_ping Whether to output short pings. Default false. * @type bool $echo Whether to echo the output or return it. Default true. * } * @param WP_Comment[] $comments Optional. Array of WP_Comment objects. Default null. * @return void|string Void if 'echo' argument is true, or no comments to list. * Otherwise, HTML list of comments. */ function wp_list_comments( $args = array(), $comments = null ) { global $wp_query, $comment_alt, $comment_depth, $comment_thread_alt, $overridden_cpage, $in_comment_loop; $in_comment_loop = true; $comment_alt = 0; $comment_thread_alt = 0; $comment_depth = 1; $defaults = array( 'walker' => null, 'max_depth' => '', 'style' => 'ul', 'callback' => null, 'end-callback' => null, 'type' => 'all', 'page' => '', 'per_page' => '', 'avatar_size' => 32, 'reverse_top_level' => null, 'reverse_children' => '', 'format' => current_theme_supports( 'html5', 'comment-list' ) ? 'html5' : 'xhtml', 'short_ping' => false, 'echo' => true, ); $parsed_args = wp_parse_args( $args, $defaults ); /** * Filters the arguments used in retrieving the comment list. * * @since 4.0.0 * * @see wp_list_comments() * * @param array $parsed_args An array of arguments for displaying comments. */ $parsed_args = apply_filters( 'wp_list_comments_args', $parsed_args ); // Figure out what comments we'll be looping through ($_comments). if ( null !== $comments ) { $comments = (array) $comments; if ( empty( $comments ) ) { return; } if ( 'all' !== $parsed_args['type'] ) { $comments_by_type = separate_comments( $comments ); if ( empty( $comments_by_type[ $parsed_args['type'] ] ) ) { return; } $_comments = $comments_by_type[ $parsed_args['type'] ]; } else { $_comments = $comments; } } else { /* * If 'page' or 'per_page' has been passed, and does not match what's in $wp_query, * perform a separate comment query and allow Walker_Comment to paginate. */ if ( $parsed_args['page'] || $parsed_args['per_page'] ) { $current_cpage = (int) get_query_var( 'cpage' ); if ( ! $current_cpage ) { $current_cpage = 'newest' === get_option( 'default_comments_page' ) ? 1 : $wp_query->max_num_comment_pages; } $current_per_page = (int) get_query_var( 'comments_per_page' ); if ( (int) $parsed_args['page'] !== $current_cpage || (int) $parsed_args['per_page'] !== $current_per_page ) { $comment_args = array( 'post_id' => get_the_ID(), 'orderby' => 'comment_date_gmt', 'order' => 'ASC', 'status' => 'approve', ); if ( is_user_logged_in() ) { $comment_args['include_unapproved'] = array( get_current_user_id() ); } else { $unapproved_email = wp_get_unapproved_comment_author_email(); if ( $unapproved_email ) { $comment_args['include_unapproved'] = array( $unapproved_email ); } } $comments = get_comments( $comment_args ); if ( 'all' !== $parsed_args['type'] ) { $comments_by_type = separate_comments( $comments ); if ( empty( $comments_by_type[ $parsed_args['type'] ] ) ) { return; } $_comments = $comments_by_type[ $parsed_args['type'] ]; } else { $_comments = $comments; } } // Otherwise, fall back on the comments from `$wp_query->comments`. } else { if ( empty( $wp_query->comments ) ) { return; } if ( 'all' !== $parsed_args['type'] ) { if ( empty( $wp_query->comments_by_type ) ) { $wp_query->comments_by_type = separate_comments( $wp_query->comments ); } if ( empty( $wp_query->comments_by_type[ $parsed_args['type'] ] ) ) { return; } $_comments = $wp_query->comments_by_type[ $parsed_args['type'] ]; } else { $_comments = $wp_query->comments; } if ( $wp_query->max_num_comment_pages ) { $default_comments_page = get_option( 'default_comments_page' ); $cpage = (int) get_query_var( 'cpage' ); if ( 'newest' === $default_comments_page ) { $parsed_args['cpage'] = $cpage; } elseif ( 1 === $cpage ) { /* * When the first page shows the oldest comments, * post permalink is the same as the comment permalink. */ $parsed_args['cpage'] = ''; } else { $parsed_args['cpage'] = $cpage; } $parsed_args['page'] = 0; $parsed_args['per_page'] = 0; } } } if ( '' === $parsed_args['per_page'] && get_option( 'page_comments' ) ) { $parsed_args['per_page'] = get_query_var( 'comments_per_page' ); } if ( empty( $parsed_args['per_page'] ) ) { $parsed_args['per_page'] = 0; $parsed_args['page'] = 0; } if ( '' === $parsed_args['max_depth'] ) { if ( get_option( 'thread_comments' ) ) { $parsed_args['max_depth'] = get_option( 'thread_comments_depth' ); } else { $parsed_args['max_depth'] = -1; } } if ( '' === $parsed_args['page'] ) { if ( empty( $overridden_cpage ) ) { $parsed_args['page'] = get_query_var( 'cpage' ); } else { $threaded = ( -1 !== (int) $parsed_args['max_depth'] ); $parsed_args['page'] = ( 'newest' === get_option( 'default_comments_page' ) ) ? get_comment_pages_count( $_comments, $parsed_args['per_page'], $threaded ) : 1; set_query_var( 'cpage', $parsed_args['page'] ); } } // Validation check. $parsed_args['page'] = (int) $parsed_args['page']; $parsed_args['per_page'] = (int) $parsed_args['per_page']; if ( 0 === $parsed_args['page'] && 0 !== $parsed_args['per_page'] ) { $parsed_args['page'] = 1; } if ( null === $parsed_args['reverse_top_level'] ) { $parsed_args['reverse_top_level'] = ( 'desc' === get_option( 'comment_order' ) ); } if ( empty( $parsed_args['walker'] ) ) { $walker = new Walker_Comment(); } else { $walker = $parsed_args['walker']; } $output = $walker->paged_walk( $_comments, $parsed_args['max_depth'], $parsed_args['page'], $parsed_args['per_page'], $parsed_args ); $in_comment_loop = false; if ( $parsed_args['echo'] ) { echo $output; } else { return $output; } } /** * Outputs a complete commenting form for use within a template. * * Most strings and form fields may be controlled through the `$args` array passed * into the function, while you may also choose to use the {@see 'comment_form_default_fields'} * filter to modify the array of default fields if you'd just like to add a new * one or remove a single field. All fields are also individually passed through * a filter of the {@see 'comment_form_field_$name'} where `$name` is the key used * in the array of fields. * * @since 3.0.0 * @since 4.1.0 Introduced the 'class_submit' argument. * @since 4.2.0 Introduced the 'submit_button' and 'submit_fields' arguments. * @since 4.4.0 Introduced the 'class_form', 'title_reply_before', 'title_reply_after', * 'cancel_reply_before', and 'cancel_reply_after' arguments. * @since 4.5.0 The 'author', 'email', and 'url' form fields are limited to 245, 100, * and 200 characters, respectively. * @since 4.6.0 Introduced the 'action' argument. * @since 4.9.6 Introduced the 'cookies' default comment field. * @since 5.5.0 Introduced the 'class_container' argument. * @since 6.8.2 Introduced the 'novalidate' argument. * * @param array $args { * Optional. Default arguments and form fields to override. * * @type array $fields { * Default comment fields, filterable by default via the {@see 'comment_form_default_fields'} hook. * * @type string $author Comment author field HTML. * @type string $email Comment author email field HTML. * @type string $url Comment author URL field HTML. * @type string $cookies Comment cookie opt-in field HTML. * } * @type string $comment_field The comment textarea field HTML. * @type string $must_log_in HTML element for a 'must be logged in to comment' message. * @type string $logged_in_as The HTML for the 'logged in as [user]' message, the Edit profile link, * and the Log out link. * @type string $comment_notes_before HTML element for a message displayed before the comment fields * if the user is not logged in. * Default 'Your email address will not be published.'. * @type string $comment_notes_after HTML element for a message displayed after the textarea field. * @type string $action The comment form element action attribute. Default '/wp-comments-post.php'. * @type bool $novalidate Whether the novalidate attribute is added to the comment form. Default false. * @type string $id_form The comment form element id attribute. Default 'commentform'. * @type string $id_submit The comment submit element id attribute. Default 'submit'. * @type string $class_container The comment form container class attribute. Default 'comment-respond'. * @type string $class_form The comment form element class attribute. Default 'comment-form'. * @type string $class_submit The comment submit element class attribute. Default 'submit'. * @type string $name_submit The comment submit element name attribute. Default 'submit'. * @type string $title_reply The translatable 'reply' button label. Default 'Leave a Reply'. * @type string $title_reply_to The translatable 'reply-to' button label. Default 'Leave a Reply to %s', * where %s is the author of the comment being replied to. * @type string $title_reply_before HTML displayed before the comment form title. * Default: '<h3 id="reply-title" class="comment-reply-title">'. * @type string $title_reply_after HTML displayed after the comment form title. * Default: '</h3>'. * @type string $cancel_reply_before HTML displayed before the cancel reply link. * @type string $cancel_reply_after HTML displayed after the cancel reply link. * @type string $cancel_reply_link The translatable 'cancel reply' button label. Default 'Cancel reply'. * @type string $label_submit The translatable 'submit' button label. Default 'Post a comment'. * @type string $submit_button HTML format for the Submit button. * Default: '<input name="%1$s" type="submit" id="%2$s" class="%3$s" value="%4$s" />'. * @type string $submit_field HTML format for the markup surrounding the Submit button and comment hidden * fields. Default: '<p class="form-submit">%1$s %2$s</p>', where %1$s is the * submit button markup and %2$s is the comment hidden fields. * @type string $format The comment form format. Default 'xhtml'. Accepts 'xhtml', 'html5'. * } * @param int|WP_Post $post Optional. Post ID or WP_Post object to generate the form for. Default current post. */ function comment_form( $args = array(), $post = null ) { $post = get_post( $post ); // Exit the function if the post is invalid or comments are closed. if ( ! $post || ! comments_open( $post ) ) { /** * Fires after the comment form if comments are closed. * * For backward compatibility, this action also fires if comment_form() * is called with an invalid post object or ID. * * @since 3.0.0 */ do_action( 'comment_form_comments_closed' ); return; } $post_id = $post->ID; $commenter = wp_get_current_commenter(); $user = wp_get_current_user(); $user_identity = $user->exists() ? $user->display_name : ''; $args = wp_parse_args( $args ); if ( ! isset( $args['format'] ) ) { $args['format'] = current_theme_supports( 'html5', 'comment-form' ) ? 'html5' : 'xhtml'; } $req = get_option( 'require_name_email' ); $html5 = 'html5' === $args['format']; // Define attributes in HTML5 or XHTML syntax. $required_attribute = ( $html5 ? ' required' : ' required="required"' ); $checked_attribute = ( $html5 ? ' checked' : ' checked="checked"' ); // Identify required fields visually and create a message about the indicator. $required_indicator = ' ' . wp_required_field_indicator(); $required_text = ' ' . wp_required_field_message(); $fields = array( 'author' => sprintf( '<p class="comment-form-author">%s %s</p>', sprintf( '<label for="author">%s%s</label>', __( 'Name' ), ( $req ? $required_indicator : '' ) ), sprintf( '<input id="author" name="author" type="text" value="%s" size="30" maxlength="245" autocomplete="name"%s />', esc_attr( $commenter['comment_author'] ), ( $req ? $required_attribute : '' ) ) ), 'email' => sprintf( '<p class="comment-form-email">%s %s</p>', sprintf( '<label for="email">%s%s</label>', __( 'Email' ), ( $req ? $required_indicator : '' ) ), sprintf( '<input id="email" name="email" %s value="%s" size="30" maxlength="100" aria-describedby="email-notes" autocomplete="email"%s />', ( $html5 ? 'type="email"' : 'type="text"' ), esc_attr( $commenter['comment_author_email'] ), ( $req ? $required_attribute : '' ) ) ), 'url' => sprintf( '<p class="comment-form-url">%s %s</p>', sprintf( '<label for="url">%s</label>', __( 'Website' ) ), sprintf( '<input id="url" name="url" %s value="%s" size="30" maxlength="200" autocomplete="url" />', ( $html5 ? 'type="url"' : 'type="text"' ), esc_attr( $commenter['comment_author_url'] ) ) ), ); if ( has_action( 'set_comment_cookies', 'wp_set_comment_cookies' ) && get_option( 'show_comments_cookies_opt_in' ) ) { $consent = empty( $commenter['comment_author_email'] ) ? '' : $checked_attribute; $fields['cookies'] = sprintf( '<p class="comment-form-cookies-consent">%s %s</p>', sprintf( '<input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"%s />', $consent ), sprintf( '<label for="wp-comment-cookies-consent">%s</label>', __( 'Save my name, email, and website in this browser for the next time I comment.' ) ) ); // Ensure that the passed fields include cookies consent. if ( isset( $args['fields'] ) && ! isset( $args['fields']['cookies'] ) ) { $args['fields']['cookies'] = $fields['cookies']; } } $original_fields = $fields; /** * Filters the default comment form fields. * * @since 3.0.0 * * @param string[] $fields Array of the default comment fields. */ $fields = apply_filters( 'comment_form_default_fields', $fields ); $defaults = array( 'fields' => $fields, 'comment_field' => sprintf( '<p class="comment-form-comment">%s %s</p>', sprintf( '<label for="comment">%s%s</label>', _x( 'Comment', 'noun' ), $required_indicator ), '<textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525"' . $required_attribute . '></textarea>' ), 'must_log_in' => sprintf( '<p class="must-log-in">%s</p>', sprintf( /* translators: %s: Login URL. */ __( 'You must be <a href="%s">logged in</a> to post a comment.' ), /** This filter is documented in wp-includes/link-template.php */ wp_login_url( apply_filters( 'the_permalink', get_permalink( $post_id ), $post_id ) ) ) ), 'logged_in_as' => sprintf( '<p class="logged-in-as">%s%s</p>', sprintf( /* translators: 1: User name, 2: Edit user link, 3: Logout URL. */ __( 'Logged in as %1$s. <a href="%2$s">Edit your profile</a>. <a href="%3$s">Log out?</a>' ), $user_identity, get_edit_user_link(), /** This filter is documented in wp-includes/link-template.php */ wp_logout_url( apply_filters( 'the_permalink', get_permalink( $post_id ), $post_id ) ) ), $required_text ), 'comment_notes_before' => sprintf( '<p class="comment-notes">%s%s</p>', sprintf( '<span id="email-notes">%s</span>', __( 'Your email address will not be published.' ) ), $required_text ), 'comment_notes_after' => '', 'action' => site_url( '/wp-comments-post.php' ), 'novalidate' => false, 'id_form' => 'commentform', 'id_submit' => 'submit', 'class_container' => 'comment-respond', 'class_form' => 'comment-form', 'class_submit' => 'submit', 'name_submit' => 'submit', 'title_reply' => __( 'Leave a Reply' ), /* translators: %s: Author of the comment being replied to. */ 'title_reply_to' => __( 'Leave a Reply to %s' ), 'title_reply_before' => '<h3 id="reply-title" class="comment-reply-title">', 'title_reply_after' => '</h3>', 'cancel_reply_before' => ' <small>', 'cancel_reply_after' => '</small>', 'cancel_reply_link' => __( 'Cancel reply' ), 'label_submit' => __( 'Post Comment' ), 'submit_button' => '<input name="%1$s" type="submit" id="%2$s" class="%3$s" value="%4$s" />', 'submit_field' => '<p class="form-submit">%1$s %2$s</p>', 'format' => 'xhtml', ); /** * Filters the comment form default arguments. * * Use {@see 'comment_form_default_fields'} to filter the comment fields. * * @since 3.0.0 * * @param array $defaults The default comment form arguments. */ $args = wp_parse_args( $args, apply_filters( 'comment_form_defaults', $defaults ) ); // Ensure that the filtered arguments contain all required default values. $args = array_merge( $defaults, $args ); // Remove `aria-describedby` from the email field if there's no associated description. if ( isset( $args['fields']['email'] ) && ! str_contains( $args['comment_notes_before'], 'id="email-notes"' ) ) { $args['fields']['email'] = str_replace( ' aria-describedby="email-notes"', '', $args['fields']['email'] ); } /** * Fires before the comment form. * * @since 3.0.0 */ do_action( 'comment_form_before' ); ?> <div id="respond" class="<?php echo esc_attr( $args['class_container'] ); ?>"> <?php echo $args['title_reply_before']; comment_form_title( $args['title_reply'], $args['title_reply_to'], true, $post_id ); if ( get_option( 'thread_comments' ) ) { echo $args['cancel_reply_before']; cancel_comment_reply_link( $args['cancel_reply_link'] ); echo $args['cancel_reply_after']; } echo $args['title_reply_after']; if ( get_option( 'comment_registration' ) && ! is_user_logged_in() ) : echo $args['must_log_in']; /** * Fires after the HTML-formatted 'must log in after' message in the comment form. * * @since 3.0.0 */ do_action( 'comment_form_must_log_in_after' ); else : printf( '<form action="%s" method="post" id="%s" class="%s"%s>', esc_url( $args['action'] ), esc_attr( $args['id_form'] ), esc_attr( $args['class_form'] ), ( $args['novalidate'] ? ' novalidate' : '' ) ); /** * Fires at the top of the comment form, inside the form tag. * * @since 3.0.0 */ do_action( 'comment_form_top' ); if ( is_user_logged_in() ) : /** * Filters the 'logged in' message for the comment form for display. * * @since 3.0.0 * * @param string $args_logged_in The HTML for the 'logged in as [user]' message, * the Edit profile link, and the Log out link. * @param array $commenter An array containing the comment author's * username, email, and URL. * @param string $user_identity If the commenter is a registered user, * the display name, blank otherwise. */ echo apply_filters( 'comment_form_logged_in', $args['logged_in_as'], $commenter, $user_identity ); /** * Fires after the is_user_logged_in() check in the comment form. * * @since 3.0.0 * * @param array $commenter An array containing the comment author's * username, email, and URL. * @param string $user_identity If the commenter is a registered user, * the display name, blank otherwise. */ do_action( 'comment_form_logged_in_after', $commenter, $user_identity ); else : echo $args['comment_notes_before']; endif; // Prepare an array of all fields, including the textarea. $comment_fields = array( 'comment' => $args['comment_field'] ) + (array) $args['fields']; /** * Filters the comment form fields, including the textarea. * * @since 4.4.0 * * @param array $comment_fields The comment fields. */ $comment_fields = apply_filters( 'comment_form_fields', $comment_fields ); // Get an array of field names, excluding the textarea. $comment_field_keys = array_diff( array_keys( $comment_fields ), array( 'comment' ) ); // Get the first and the last field name, excluding the textarea. $first_field = reset( $comment_field_keys ); $last_field = end( $comment_field_keys ); foreach ( $comment_fields as $name => $field ) { if ( 'comment' === $name ) { /** * Filters the content of the comment textarea field for display. * * @since 3.0.0 * * @param string $args_comment_field The content of the comment textarea field. */ echo apply_filters( 'comment_form_field_comment', $field ); echo $args['comment_notes_after']; } elseif ( ! is_user_logged_in() || ! isset( $original_fields[ $name ] ) ) { if ( $first_field === $name ) { /** * Fires before the comment fields in the comment form, excluding the textarea. * * @since 3.0.0 */ do_action( 'comment_form_before_fields' ); } /** * Filters a comment form field for display. * * The dynamic portion of the hook name, `$name`, refers to the name * of the comment form field. * * Possible hook names include: * * - `comment_form_field_comment` * - `comment_form_field_author` * - `comment_form_field_email` * - `comment_form_field_url` * - `comment_form_field_cookies` * * @since 3.0.0 * * @param string $field The HTML-formatted output of the comment form field. */ echo apply_filters( "comment_form_field_{$name}", $field ) . "\n"; if ( $last_field === $name ) { /** * Fires after the comment fields in the comment form, excluding the textarea. * * @since 3.0.0 */ do_action( 'comment_form_after_fields' ); } } } $submit_button = sprintf( $args['submit_button'], esc_attr( $args['name_submit'] ), esc_attr( $args['id_submit'] ), esc_attr( $args['class_submit'] ), esc_attr( $args['label_submit'] ) ); /** * Filters the submit button for the comment form to display. * * @since 4.2.0 * * @param string $submit_button HTML markup for the submit button. * @param array $args Arguments passed to comment_form(). */ $submit_button = apply_filters( 'comment_form_submit_button', $submit_button, $args ); $submit_field = sprintf( $args['submit_field'], $submit_button, get_comment_id_fields( $post_id ) ); /** * Filters the submit field for the comment form to display. * * The submit field includes the submit button, hidden fields for the * comment form, and any wrapper markup. * * @since 4.2.0 * * @param string $submit_field HTML markup for the submit field. * @param array $args Arguments passed to comment_form(). */ echo apply_filters( 'comment_form_submit_field', $submit_field, $args ); /** * Fires at the bottom of the comment form, inside the closing form tag. * * @since 1.5.0 * * @param int $post_id The post ID. */ do_action( 'comment_form', $post_id ); echo '</form>'; endif; ?> </div><!-- #respond --> <?php /** * Fires after the comment form. * * @since 3.0.0 */ do_action( 'comment_form_after' ); } https-migration-20260606053927.php 0000666 00000011205 15224716631 0012015 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260622084131.php 0000666 00000011205 15224716631 0012002 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605111237.php 0000666 00000013341 15224716631 0011771 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } compat.php 0000666 00000042646 15224716631 0006567 0 ustar 00 <?php /** * WordPress implementation for PHP functions either missing from older PHP versions or not included by default. * * This file is loaded extremely early and the functions can be relied upon by drop-ins. * Ergo, please ensure you do not rely on external functions when writing code for this file. * Only use functions built into PHP or are defined in this file and have adequate testing * and error suppression to ensure the file will run correctly and not break websites. * * @package PHP * @access private */ // If gettext isn't available. if ( ! function_exists( '_' ) ) { /** * Compat function to mimic _(), an alias of gettext(). * * @since 0.71 * * @see https://php.net/manual/en/function.gettext.php * * @param string $message The message being translated. * @return string */ function _( $message ) { return $message; } } /** * Returns whether PCRE/u (PCRE_UTF8 modifier) is available for use. * * @ignore * @since 4.2.2 * @since 6.9.0 Deprecated the `$set` argument. * @access private * * @param bool $set Deprecated. This argument is no longer used for testing purposes. */ function _wp_can_use_pcre_u( $set = null ) { static $utf8_pcre = null; if ( isset( $set ) ) { _deprecated_argument( __FUNCTION__, '6.9.0' ); } if ( isset( $utf8_pcre ) ) { return $utf8_pcre; } $utf8_pcre = true; set_error_handler( function ( $errno, $errstr ) use ( &$utf8_pcre ) { if ( str_starts_with( $errstr, 'preg_match():' ) ) { $utf8_pcre = false; return true; } return false; }, E_WARNING ); /* * Attempt to compile a PCRE pattern with the PCRE_UTF8 flag. For * systems lacking Unicode support this will trigger a warning * during compilation, which the error handler will intercept. */ preg_match( '//u', '' ); restore_error_handler(); return $utf8_pcre; } /** * Indicates if a given slug for a character set represents the UTF-8 text encoding. * * A charset is considered to represent UTF-8 if it is a case-insensitive match * of "UTF-8" with or without the hyphen. * * Example: * * true === _is_utf8_charset( 'UTF-8' ); * true === _is_utf8_charset( 'utf8' ); * false === _is_utf8_charset( 'latin1' ); * false === _is_utf8_charset( 'UTF 8' ); * * // Only strings match. * false === _is_utf8_charset( [ 'charset' => 'utf-8' ] ); * * `is_utf8_charset` should be used outside of this file. * * @ignore * @since 6.6.1 * * @param string $charset_slug Slug representing a text character encoding, or "charset". * E.g. "UTF-8", "Windows-1252", "ISO-8859-1", "SJIS". * * @return bool Whether the slug represents the UTF-8 encoding. */ function _is_utf8_charset( $charset_slug ) { if ( ! is_string( $charset_slug ) ) { return false; } return ( 0 === strcasecmp( 'UTF-8', $charset_slug ) || 0 === strcasecmp( 'UTF8', $charset_slug ) ); } if ( ! function_exists( 'mb_substr' ) ) : /** * Compat function to mimic mb_substr(). * * @ignore * @since 3.2.0 * * @see _mb_substr() * * @param string $string The string to extract the substring from. * @param int $start Position to being extraction from in `$string`. * @param int|null $length Optional. Maximum number of characters to extract from `$string`. * Default null. * @param string|null $encoding Optional. Character encoding to use. Default null. * @return string Extracted substring. */ function mb_substr( $string, $start, $length = null, $encoding = null ) { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.stringFound return _mb_substr( $string, $start, $length, $encoding ); } endif; /** * Internal compat function to mimic mb_substr(). * * Only supports UTF-8 and non-shifting single-byte encodings. For all other encodings * expect the substrings to be misaligned. When the given encoding (or the `blog_charset` * if none is provided) isn’t UTF-8 then the function returns the output of {@see \substr()}. * * @ignore * @since 3.2.0 * * @param string $str The string to extract the substring from. * @param int $start Character offset at which to start the substring extraction. * @param int|null $length Optional. Maximum number of characters to extract from `$str`. * Default null. * @param string|null $encoding Optional. Character encoding to use. Default null. * @return string Extracted substring. */ function _mb_substr( $str, $start, $length = null, $encoding = null ) { if ( null === $str ) { return ''; } // The solution below works only for UTF-8; treat all other encodings as byte streams. if ( ! _is_utf8_charset( $encoding ?? get_option( 'blog_charset' ) ) ) { return is_null( $length ) ? substr( $str, $start ) : substr( $str, $start, $length ); } $total_length = ( $start < 0 || $length < 0 ) ? _wp_utf8_codepoint_count( $str ) : 0; $normalized_start = $start < 0 ? max( 0, $total_length + $start ) : $start; /* * The starting offset is provided as characters, which means this needs to * find how many bytes that many characters occupies at the start of the string. */ $starting_byte_offset = _wp_utf8_codepoint_span( $str, 0, $normalized_start ); $normalized_length = $length < 0 ? max( 0, $total_length - $normalized_start + $length ) : $length; /* * This is the main step. It finds how many bytes the given length of code points * occupies in the input, starting at the byte offset calculated above. */ $byte_length = isset( $normalized_length ) ? _wp_utf8_codepoint_span( $str, $starting_byte_offset, $normalized_length ) : ( strlen( $str ) - $starting_byte_offset ); // The result is a normal byte-level substring using the computed ranges. return substr( $str, $starting_byte_offset, $byte_length ); } if ( ! function_exists( 'mb_strlen' ) ) : /** * Compat function to mimic mb_strlen(). * * @ignore * @since 4.2.0 * * @see _mb_strlen() * * @param string $string The string to retrieve the character length from. * @param string|null $encoding Optional. Character encoding to use. Default null. * @return int String length of `$string`. */ function mb_strlen( $string, $encoding = null ) { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.stringFound return _mb_strlen( $string, $encoding ); } endif; /** * Internal compat function to mimic mb_strlen(). * * Only supports UTF-8 and non-shifting single-byte encodings. For all other * encodings expect the counts to be wrong. When the given encoding (or the * `blog_charset` if none is provided) isn’t UTF-8 then the function returns * the byte-count of the provided string. * * @ignore * @since 4.2.0 * * @param string $str The string to retrieve the character length from. * @param string|null $encoding Optional. Count characters according to this encoding. * Default is to consult `blog_charset`. * @return int Count of code points if UTF-8, byte length otherwise. */ function _mb_strlen( $str, $encoding = null ) { return _is_utf8_charset( $encoding ?? get_option( 'blog_charset' ) ) ? _wp_utf8_codepoint_count( $str ) : strlen( $str ); } if ( ! function_exists( 'utf8_encode' ) ) : if ( extension_loaded( 'mbstring' ) ) : /** * Converts a string from ISO-8859-1 to UTF-8. * * @deprecated Use {@see \mb_convert_encoding()} instead. * * @since 6.9.0 * * @param string $iso_8859_1_text Text treated as ISO-8859-1 (latin1) bytes. * @return string Text converted into a UTF-8. */ function utf8_encode( $iso_8859_1_text ): string { _deprecated_function( __FUNCTION__, '6.9.0', 'mb_convert_encoding' ); return mb_convert_encoding( $iso_8859_1_text, 'UTF-8', 'ISO-8859-1' ); } else : /** * @ignore * @private * * @since 6.9.0 */ function utf8_encode( $iso_8859_1_text ): string { _deprecated_function( __FUNCTION__, '6.9.0', 'mb_convert_encoding' ); return _wp_utf8_encode_fallback( $iso_8859_1_text ); } endif; endif; if ( ! function_exists( 'utf8_decode' ) ) : if ( extension_loaded( 'mbstring' ) ) : /** * Converts a string from UTF-8 to ISO-8859-1. * * @deprecated Use {@see \mb_convert_encoding()} instead. * * @since 6.9.0 * * @param string $utf8_text Text treated as UTF-8. * @return string Text converted into ISO-8859-1. */ function utf8_decode( $utf8_text ): string { _deprecated_function( __FUNCTION__, '6.9.0', 'mb_convert_encoding' ); return mb_convert_encoding( $utf8_text, 'ISO-8859-1', 'UTF-8' ); } else : /** * @ignore * @private * * @since 6.9.0 */ function utf8_decode( $utf8_text ): string { _deprecated_function( __FUNCTION__, '6.9.0', 'mb_convert_encoding' ); return _wp_utf8_decode_fallback( $utf8_text ); } endif; endif; // sodium_crypto_box() was introduced in PHP 7.2. if ( ! function_exists( 'sodium_crypto_box' ) ) { require ABSPATH . WPINC . '/sodium_compat/autoload.php'; } if ( ! function_exists( 'is_countable' ) ) { /** * Polyfill for is_countable() function added in PHP 7.3. * * Verify that the content of a variable is an array or an object * implementing the Countable interface. * * @since 4.9.6 * * @param mixed $value The value to check. * @return bool True if `$value` is countable, false otherwise. */ function is_countable( $value ) { return ( is_array( $value ) || $value instanceof Countable || $value instanceof SimpleXMLElement || $value instanceof ResourceBundle ); } } if ( ! function_exists( 'array_key_first' ) ) { /** * Polyfill for array_key_first() function added in PHP 7.3. * * Get the first key of the given array without affecting * the internal array pointer. * * @since 5.9.0 * * @param array $array An array. * @return string|int|null The first key of array if the array * is not empty; `null` otherwise. */ function array_key_first( array $array ) { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.arrayFound if ( empty( $array ) ) { return null; } foreach ( $array as $key => $value ) { return $key; } } } if ( ! function_exists( 'array_key_last' ) ) { /** * Polyfill for `array_key_last()` function added in PHP 7.3. * * Get the last key of the given array without affecting the * internal array pointer. * * @since 5.9.0 * * @param array $array An array. * @return string|int|null The last key of array if the array *. is not empty; `null` otherwise. */ function array_key_last( array $array ) { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.arrayFound if ( empty( $array ) ) { return null; } end( $array ); return key( $array ); } } if ( ! function_exists( 'array_is_list' ) ) { /** * Polyfill for `array_is_list()` function added in PHP 8.1. * * Determines if the given array is a list. * * An array is considered a list if its keys consist of consecutive numbers from 0 to count($array)-1. * * @see https://github.com/symfony/polyfill-php81/tree/main * * @since 6.5.0 * * @param array<mixed> $arr The array being evaluated. * @return bool True if array is a list, false otherwise. */ function array_is_list( $arr ) { if ( ( array() === $arr ) || ( array_values( $arr ) === $arr ) ) { return true; } $next_key = -1; foreach ( $arr as $k => $v ) { if ( ++$next_key !== $k ) { return false; } } return true; } } if ( ! function_exists( 'str_contains' ) ) { /** * Polyfill for `str_contains()` function added in PHP 8.0. * * Performs a case-sensitive check indicating if needle is * contained in haystack. * * @since 5.9.0 * * @param string $haystack The string to search in. * @param string $needle The substring to search for in the `$haystack`. * @return bool True if `$needle` is in `$haystack`, otherwise false. */ function str_contains( $haystack, $needle ) { if ( '' === $needle ) { return true; } return false !== strpos( $haystack, $needle ); } } if ( ! function_exists( 'str_starts_with' ) ) { /** * Polyfill for `str_starts_with()` function added in PHP 8.0. * * Performs a case-sensitive check indicating if * the haystack begins with needle. * * @since 5.9.0 * * @param string $haystack The string to search in. * @param string $needle The substring to search for in the `$haystack`. * @return bool True if `$haystack` starts with `$needle`, otherwise false. */ function str_starts_with( $haystack, $needle ) { if ( '' === $needle ) { return true; } return 0 === strpos( $haystack, $needle ); } } if ( ! function_exists( 'str_ends_with' ) ) { /** * Polyfill for `str_ends_with()` function added in PHP 8.0. * * Performs a case-sensitive check indicating if * the haystack ends with needle. * * @since 5.9.0 * * @param string $haystack The string to search in. * @param string $needle The substring to search for in the `$haystack`. * @return bool True if `$haystack` ends with `$needle`, otherwise false. */ function str_ends_with( $haystack, $needle ) { if ( '' === $haystack ) { return '' === $needle; } $len = strlen( $needle ); return substr( $haystack, -$len, $len ) === $needle; } } if ( ! function_exists( 'array_find' ) ) { /** * Polyfill for `array_find()` function added in PHP 8.4. * * Searches an array for the first element that passes a given callback. * * @since 6.8.0 * * @param array $array The array to search. * @param callable $callback The callback to run for each element. * @return mixed|null The first element in the array that passes the `$callback`, otherwise null. */ function array_find( array $array, callable $callback ) { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.arrayFound foreach ( $array as $key => $value ) { if ( $callback( $value, $key ) ) { return $value; } } return null; } } if ( ! function_exists( 'array_find_key' ) ) { /** * Polyfill for `array_find_key()` function added in PHP 8.4. * * Searches an array for the first key that passes a given callback. * * @since 6.8.0 * * @param array $array The array to search. * @param callable $callback The callback to run for each element. * @return int|string|null The first key in the array that passes the `$callback`, otherwise null. */ function array_find_key( array $array, callable $callback ) { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.arrayFound foreach ( $array as $key => $value ) { if ( $callback( $value, $key ) ) { return $key; } } return null; } } if ( ! function_exists( 'array_any' ) ) { /** * Polyfill for `array_any()` function added in PHP 8.4. * * Checks if any element of an array passes a given callback. * * @since 6.8.0 * * @param array $array The array to check. * @param callable $callback The callback to run for each element. * @return bool True if any element in the array passes the `$callback`, otherwise false. */ function array_any( array $array, callable $callback ): bool { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.arrayFound foreach ( $array as $key => $value ) { if ( $callback( $value, $key ) ) { return true; } } return false; } } if ( ! function_exists( 'array_all' ) ) { /** * Polyfill for `array_all()` function added in PHP 8.4. * * Checks if all elements of an array pass a given callback. * * @since 6.8.0 * * @param array $array The array to check. * @param callable $callback The callback to run for each element. * @return bool True if all elements in the array pass the `$callback`, otherwise false. */ function array_all( array $array, callable $callback ): bool { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.arrayFound foreach ( $array as $key => $value ) { if ( ! $callback( $value, $key ) ) { return false; } } return true; } } if ( ! function_exists( 'array_first' ) ) { /** * Polyfill for `array_first()` function added in PHP 8.5. * * Returns the first element of an array. * * @since 6.9.0 * * @param array $array The array to get the first element from. * @return mixed|null The first element of the array, or null if the array is empty. */ function array_first( array $array ) { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.arrayFound if ( empty( $array ) ) { return null; } foreach ( $array as $value ) { return $value; } } } if ( ! function_exists( 'array_last' ) ) { /** * Polyfill for `array_last()` function added in PHP 8.5. * * Returns the last element of an array. * * @since 6.9.0 * * @param array $array The array to get the last element from. * @return mixed|null The last element of the array, or null if the array is empty. */ function array_last( array $array ) { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.arrayFound if ( empty( $array ) ) { return null; } return $array[ array_key_last( $array ) ]; } } // IMAGETYPE_AVIF constant is only defined in PHP 8.x or later. if ( ! defined( 'IMAGETYPE_AVIF' ) ) { define( 'IMAGETYPE_AVIF', 19 ); } // IMG_AVIF constant is only defined in PHP 8.x or later. if ( ! defined( 'IMG_AVIF' ) ) { define( 'IMG_AVIF', IMAGETYPE_AVIF ); } // IMAGETYPE_HEIF constant is only defined in PHP 8.5 or later. if ( ! defined( 'IMAGETYPE_HEIF' ) ) { define( 'IMAGETYPE_HEIF', 20 ); } comment.php 0000666 00000405665 15224716631 0006752 0 ustar 00 <?php /** * Core Comment API * * @package WordPress * @subpackage Comment */ /** * Checks whether a comment passes internal checks to be allowed to add. * * If manual comment moderation is set in the administration, then all checks, * regardless of their type and substance, will fail and the function will * return false. * * If the number of links exceeds the amount in the administration, then the * check fails. If any of the parameter contents contain any disallowed words, * then the check fails. * * If the comment author was approved before, then the comment is automatically * approved. * * If all checks pass, the function will return true. * * @since 1.2.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $author Comment author name. * @param string $email Comment author email. * @param string $url Comment author URL. * @param string $comment Content of the comment. * @param string $user_ip Comment author IP address. * @param string $user_agent Comment author User-Agent. * @param string $comment_type Comment type, either user-submitted comment, * trackback, or pingback. * @return bool If all checks pass, true, otherwise false. */ function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent, $comment_type ) { global $wpdb; // If manual moderation is enabled, skip all checks and return false. if ( '1' === get_option( 'comment_moderation' ) ) { return false; } /** This filter is documented in wp-includes/comment-template.php */ $comment = apply_filters( 'comment_text', $comment, null, array() ); // Check for the number of external links if a max allowed number is set. $max_links = get_option( 'comment_max_links' ); if ( $max_links ) { $num_links = preg_match_all( '/<a [^>]*href/i', $comment, $out ); /** * Filters the number of links found in a comment. * * @since 3.0.0 * @since 4.7.0 Added the `$comment` parameter. * * @param int $num_links The number of links found. * @param string $url Comment author's URL. Included in allowed links total. * @param string $comment Content of the comment. */ $num_links = apply_filters( 'comment_max_links_url', $num_links, $url, $comment ); /* * If the number of links in the comment exceeds the allowed amount, * fail the check by returning false. */ if ( $num_links >= $max_links ) { return false; } } $mod_keys = trim( get_option( 'moderation_keys' ) ); // If moderation 'keys' (keywords) are set, process them. if ( ! empty( $mod_keys ) ) { $words = explode( "\n", $mod_keys ); foreach ( (array) $words as $word ) { $word = trim( $word ); // Skip empty lines. if ( empty( $word ) ) { continue; } /* * Do some escaping magic so that '#' (number of) characters in the spam * words don't break things: */ $word = preg_quote( $word, '#' ); /* * Check the comment fields for moderation keywords. If any are found, * fail the check for the given field by returning false. */ $pattern = "#$word#iu"; if ( preg_match( $pattern, $author ) ) { return false; } if ( preg_match( $pattern, $email ) ) { return false; } if ( preg_match( $pattern, $url ) ) { return false; } if ( preg_match( $pattern, $comment ) ) { return false; } if ( preg_match( $pattern, $user_ip ) ) { return false; } if ( preg_match( $pattern, $user_agent ) ) { return false; } } } /* * Check if the option to approve comments by previously-approved authors is enabled. * * If it is enabled, check whether the comment author has a previously-approved comment, * as well as whether there are any moderation keywords (if set) present in the author * email address. If both checks pass, return true. Otherwise, return false. */ if ( '1' === get_option( 'comment_previously_approved' ) ) { if ( 'trackback' !== $comment_type && 'pingback' !== $comment_type && '' !== $author && '' !== $email ) { $comment_user = get_user_by( 'email', wp_unslash( $email ) ); if ( ! empty( $comment_user->ID ) ) { $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE user_id = %d AND comment_approved = '1' LIMIT 1", $comment_user->ID ) ); } else { // expected_slashed ($author, $email) $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s AND comment_approved = '1' LIMIT 1", $author, $email ) ); } if ( '1' === $ok_to_comment && ( empty( $mod_keys ) || ! str_contains( $email, $mod_keys ) ) ) { return true; } else { return false; } } else { return false; } } return true; } /** * Retrieves the approved comments for a post. * * @since 2.0.0 * @since 4.1.0 Refactored to leverage WP_Comment_Query over a direct query. * * @param int $post_id The ID of the post. * @param array $args { * Optional. See WP_Comment_Query::__construct() for information on accepted arguments. * * @type int $status Comment status to limit results by. Defaults to approved comments. * @type int $post_id Limit results to those affiliated with a given post ID. * @type string $order How to order retrieved comments. Default 'ASC'. * } * @return WP_Comment[]|int[]|int The approved comments, or number of comments if `$count` * argument is true. */ function get_approved_comments( $post_id, $args = array() ) { if ( ! $post_id ) { return array(); } $defaults = array( 'status' => 1, 'post_id' => $post_id, 'order' => 'ASC', ); $parsed_args = wp_parse_args( $args, $defaults ); $query = new WP_Comment_Query(); return $query->query( $parsed_args ); } /** * Retrieves comment data given a comment ID or comment object. * * If an object is passed then the comment data will be cached and then returned * after being passed through a filter. If the comment is empty, then the global * comment variable will be used, if it is set. * * @since 2.0.0 * * @global WP_Comment $comment Global comment object. * * @param WP_Comment|string|int $comment Comment to retrieve. * @param string $output Optional. The required return type. One of OBJECT, ARRAY_A, or ARRAY_N, which * correspond to a WP_Comment object, an associative array, or a numeric array, * respectively. Default OBJECT. * @return WP_Comment|array|null Depends on $output value. */ function get_comment( $comment = null, $output = OBJECT ) { if ( empty( $comment ) && isset( $GLOBALS['comment'] ) ) { $comment = $GLOBALS['comment']; } if ( $comment instanceof WP_Comment ) { $_comment = $comment; } elseif ( is_object( $comment ) ) { $_comment = new WP_Comment( $comment ); } else { $_comment = WP_Comment::get_instance( $comment ); } if ( ! $_comment ) { return null; } /** * Fires after a comment is retrieved. * * @since 2.3.0 * * @param WP_Comment $_comment Comment data. */ $_comment = apply_filters( 'get_comment', $_comment ); if ( OBJECT === $output ) { return $_comment; } elseif ( ARRAY_A === $output ) { return $_comment->to_array(); } elseif ( ARRAY_N === $output ) { return array_values( $_comment->to_array() ); } return $_comment; } /** * Retrieves a list of comments. * * The comment list can be for the blog as a whole or for an individual post. * * @since 2.7.0 * * @param string|array $args Optional. Array or string of arguments. See WP_Comment_Query::__construct() * for information on accepted arguments. Default empty string. * @return WP_Comment[]|int[]|int List of comments or number of found comments if `$count` argument is true. */ function get_comments( $args = '' ) { $query = new WP_Comment_Query(); return $query->query( $args ); } /** * Retrieves all of the WordPress supported comment statuses. * * Comments have a limited set of valid status values, this provides the comment * status values and descriptions. * * @since 2.7.0 * * @return string[] List of comment status labels keyed by status. */ function get_comment_statuses() { $status = array( 'hold' => __( 'Unapproved' ), 'approve' => _x( 'Approved', 'comment status' ), 'spam' => _x( 'Spam', 'comment status' ), 'trash' => _x( 'Trash', 'comment status' ), ); return $status; } /** * Gets the default comment status for a post type. * * @since 4.3.0 * * @param string $post_type Optional. Post type. Default 'post'. * @param string $comment_type Optional. Comment type. Default 'comment'. * @return string Either 'open' or 'closed'. */ function get_default_comment_status( $post_type = 'post', $comment_type = 'comment' ) { switch ( $comment_type ) { case 'pingback': case 'trackback': $supports = 'trackbacks'; $option = 'ping'; break; default: $supports = 'comments'; $option = 'comment'; break; } // Set the status. if ( 'page' === $post_type ) { $status = 'closed'; } elseif ( post_type_supports( $post_type, $supports ) ) { $status = get_option( "default_{$option}_status" ); } else { $status = 'closed'; } /** * Filters the default comment status for the given post type. * * @since 4.3.0 * * @param string $status Default status for the given post type, * either 'open' or 'closed'. * @param string $post_type Post type. Default is `post`. * @param string $comment_type Type of comment. Default is `comment`. */ return apply_filters( 'get_default_comment_status', $status, $post_type, $comment_type ); } /** * Retrieves the date the last comment was modified. * * @since 1.5.0 * @since 4.7.0 Replaced caching the modified date in a local static variable * with the Object Cache API. * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $timezone Which timezone to use in reference to 'gmt', 'blog', or 'server' locations. * @return string|false Last comment modified date on success, false on failure. */ function get_lastcommentmodified( $timezone = 'server' ) { global $wpdb; $timezone = strtolower( $timezone ); $key = "lastcommentmodified:$timezone"; $comment_modified_date = wp_cache_get( $key, 'timeinfo' ); if ( false !== $comment_modified_date ) { return $comment_modified_date; } switch ( $timezone ) { case 'gmt': $comment_modified_date = $wpdb->get_var( "SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1" ); break; case 'blog': $comment_modified_date = $wpdb->get_var( "SELECT comment_date FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1" ); break; case 'server': $add_seconds_server = gmdate( 'Z' ); $comment_modified_date = $wpdb->get_var( $wpdb->prepare( "SELECT DATE_ADD(comment_date_gmt, INTERVAL %s SECOND) FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $add_seconds_server ) ); break; } if ( $comment_modified_date ) { wp_cache_set( $key, $comment_modified_date, 'timeinfo' ); return $comment_modified_date; } return false; } /** * Retrieves the total comment counts for the whole site or a single post. * * @since 2.0.0 * * @param int $post_id Optional. Restrict the comment counts to the given post. Default 0, which indicates that * comment counts for the whole site will be retrieved. * @return int[] { * The number of comments keyed by their status. * * @type int $approved The number of approved comments. * @type int $awaiting_moderation The number of comments awaiting moderation (a.k.a. pending). * @type int $spam The number of spam comments. * @type int $trash The number of trashed comments. * @type int $post-trashed The number of comments for posts that are in the trash. * @type int $total_comments The total number of non-trashed comments, including spam. * @type int $all The total number of pending or approved comments. * } */ function get_comment_count( $post_id = 0 ) { $post_id = (int) $post_id; $comment_count = array( 'approved' => 0, 'awaiting_moderation' => 0, 'spam' => 0, 'trash' => 0, 'post-trashed' => 0, 'total_comments' => 0, 'all' => 0, ); $args = array( 'count' => true, 'update_comment_meta_cache' => false, 'orderby' => 'none', ); if ( $post_id > 0 ) { $args['post_id'] = $post_id; } $mapping = array( 'approved' => 'approve', 'awaiting_moderation' => 'hold', 'spam' => 'spam', 'trash' => 'trash', 'post-trashed' => 'post-trashed', ); $comment_count = array(); foreach ( $mapping as $key => $value ) { $comment_count[ $key ] = get_comments( array_merge( $args, array( 'status' => $value ) ) ); } $comment_count['all'] = $comment_count['approved'] + $comment_count['awaiting_moderation']; $comment_count['total_comments'] = $comment_count['all'] + $comment_count['spam']; return array_map( 'intval', $comment_count ); } // // Comment meta functions. // /** * Adds meta data field to a comment. * * For historical reasons both the meta key and the meta value are expected to be "slashed" (slashes escaped) on input. * * @since 2.9.0 * * @link https://developer.wordpress.org/reference/functions/add_comment_meta/ * * @param int $comment_id Comment ID. * @param string $meta_key Metadata name. * @param mixed $meta_value Metadata value. Arrays and objects are stored as serialized data and * will be returned as the same type when retrieved. Other data types will * be stored as strings in the database: * - false is stored and retrieved as an empty string ('') * - true is stored and retrieved as '1' * - numbers (both integer and float) are stored and retrieved as strings * Must be serializable if non-scalar. * @param bool $unique Optional. Whether the same key should not be added. * Default false. * @return int|false Meta ID on success, false on failure. */ function add_comment_meta( $comment_id, $meta_key, $meta_value, $unique = false ) { return add_metadata( 'comment', $comment_id, $meta_key, $meta_value, $unique ); } /** * Removes metadata matching criteria from a comment. * * You can match based on the key, or key and value. Removing based on key and * value, will keep from removing duplicate metadata with the same key. It also * allows removing all metadata matching key, if needed. * * For historical reasons both the meta key and the meta value are expected to be "slashed" (slashes escaped) on input. * * @since 2.9.0 * * @link https://developer.wordpress.org/reference/functions/delete_comment_meta/ * * @param int $comment_id Comment ID. * @param string $meta_key Metadata name. * @param mixed $meta_value Optional. Metadata value. If provided, * rows will only be removed that match the value. * Must be serializable if non-scalar. Default empty string. * @return bool True on success, false on failure. */ function delete_comment_meta( $comment_id, $meta_key, $meta_value = '' ) { return delete_metadata( 'comment', $comment_id, $meta_key, $meta_value ); } /** * Retrieves comment meta field for a comment. * * @since 2.9.0 * * @link https://developer.wordpress.org/reference/functions/get_comment_meta/ * * @param int $comment_id Comment ID. * @param string $key Optional. The meta key to retrieve. By default, * returns data for all keys. Default empty string. * @param bool $single Optional. Whether to return a single value. * This parameter has no effect if `$key` is not specified. * Default false. * @return mixed An array of values if `$single` is false. * The value of meta data field if `$single` is true. * False for an invalid `$comment_id` (non-numeric, zero, or negative value). * An empty array if a valid but non-existing comment ID is passed and `$single` is false. * An empty string if a valid but non-existing comment ID is passed and `$single` is true. * Note: Non-serialized values are returned as strings: * - false values are returned as empty strings ('') * - true values are returned as '1' * - numbers are returned as strings * Arrays and objects retain their original type. */ function get_comment_meta( $comment_id, $key = '', $single = false ) { return get_metadata( 'comment', $comment_id, $key, $single ); } /** * Queue comment meta for lazy-loading. * * @since 6.3.0 * * @param array $comment_ids List of comment IDs. */ function wp_lazyload_comment_meta( array $comment_ids ) { if ( empty( $comment_ids ) ) { return; } $lazyloader = wp_metadata_lazyloader(); $lazyloader->queue_objects( 'comment', $comment_ids ); } /** * Updates comment meta field based on comment ID. * * Use the $prev_value parameter to differentiate between meta fields with the * same key and comment ID. * * If the meta field for the comment does not exist, it will be added. * * For historical reasons both the meta key and the meta value are expected to be "slashed" (slashes escaped) on input. * * @since 2.9.0 * * @link https://developer.wordpress.org/reference/functions/update_comment_meta/ * * @param int $comment_id Comment ID. * @param string $meta_key Metadata key. * @param mixed $meta_value Metadata value. Must be serializable if non-scalar. * @param mixed $prev_value Optional. Previous value to check before updating. * If specified, only update existing metadata entries with * this value. Otherwise, update all entries. Default empty string. * @return int|bool Meta ID if the key didn't exist, true on successful update, * false on failure or if the value passed to the function * is the same as the one that is already in the database. */ function update_comment_meta( $comment_id, $meta_key, $meta_value, $prev_value = '' ) { return update_metadata( 'comment', $comment_id, $meta_key, $meta_value, $prev_value ); } /** * Sets the cookies used to store an unauthenticated commentator's identity. Typically used * to recall previous comments by this commentator that are still held in moderation. * * @since 3.4.0 * @since 4.9.6 The `$cookies_consent` parameter was added. * * @param WP_Comment $comment Comment object. * @param WP_User $user Comment author's user object. The user may not exist. * @param bool $cookies_consent Optional. Comment author's consent to store cookies. Default true. */ function wp_set_comment_cookies( $comment, $user, $cookies_consent = true ) { // If the user already exists, or the user opted out of cookies, don't set cookies. if ( $user->exists() ) { return; } if ( false === $cookies_consent ) { // Remove any existing cookies. $past = time() - YEAR_IN_SECONDS; setcookie( 'comment_author_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN ); setcookie( 'comment_author_email_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN ); setcookie( 'comment_author_url_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN ); return; } /** * Filters the lifetime of the comment cookie in seconds. * * @since 2.8.0 * @since 6.6.0 The default $seconds value changed from 30000000 to YEAR_IN_SECONDS. * * @param int $seconds Comment cookie lifetime. Default YEAR_IN_SECONDS. */ $comment_cookie_lifetime = time() + apply_filters( 'comment_cookie_lifetime', YEAR_IN_SECONDS ); $secure = ( 'https' === parse_url( home_url(), PHP_URL_SCHEME ) ); setcookie( 'comment_author_' . COOKIEHASH, $comment->comment_author, $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure ); setcookie( 'comment_author_email_' . COOKIEHASH, $comment->comment_author_email, $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure ); setcookie( 'comment_author_url_' . COOKIEHASH, esc_url( $comment->comment_author_url ), $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure ); } /** * Sanitizes the cookies sent to the user already. * * Will only do anything if the cookies have already been created for the user. * Mostly used after cookies had been sent to use elsewhere. * * @since 2.0.4 */ function sanitize_comment_cookies() { if ( isset( $_COOKIE[ 'comment_author_' . COOKIEHASH ] ) ) { /** * Filters the comment author's name cookie before it is set. * * When this filter hook is evaluated in wp_filter_comment(), * the comment author's name string is passed. * * @since 1.5.0 * * @param string $author_cookie The comment author name cookie. */ $comment_author = apply_filters( 'pre_comment_author_name', $_COOKIE[ 'comment_author_' . COOKIEHASH ] ); $comment_author = wp_unslash( $comment_author ); $comment_author = esc_attr( $comment_author ); $_COOKIE[ 'comment_author_' . COOKIEHASH ] = $comment_author; } if ( isset( $_COOKIE[ 'comment_author_email_' . COOKIEHASH ] ) ) { /** * Filters the comment author's email cookie before it is set. * * When this filter hook is evaluated in wp_filter_comment(), * the comment author's email string is passed. * * @since 1.5.0 * * @param string $author_email_cookie The comment author email cookie. */ $comment_author_email = apply_filters( 'pre_comment_author_email', $_COOKIE[ 'comment_author_email_' . COOKIEHASH ] ); $comment_author_email = wp_unslash( $comment_author_email ); $comment_author_email = esc_attr( $comment_author_email ); $_COOKIE[ 'comment_author_email_' . COOKIEHASH ] = $comment_author_email; } if ( isset( $_COOKIE[ 'comment_author_url_' . COOKIEHASH ] ) ) { /** * Filters the comment author's URL cookie before it is set. * * When this filter hook is evaluated in wp_filter_comment(), * the comment author's URL string is passed. * * @since 1.5.0 * * @param string $author_url_cookie The comment author URL cookie. */ $comment_author_url = apply_filters( 'pre_comment_author_url', $_COOKIE[ 'comment_author_url_' . COOKIEHASH ] ); $comment_author_url = wp_unslash( $comment_author_url ); $_COOKIE[ 'comment_author_url_' . COOKIEHASH ] = $comment_author_url; } } /** * Validates whether this comment is allowed to be made. * * @since 2.0.0 * @since 4.7.0 The `$avoid_die` parameter was added, allowing the function * to return a WP_Error object instead of dying. * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $commentdata Contains information on the comment. * @param bool $wp_error When true, a disallowed comment will result in the function * returning a WP_Error object, rather than executing wp_die(). * Default false. * @return int|string|WP_Error Allowed comments return the approval status (0|1|'spam'|'trash'). * If `$wp_error` is true, disallowed comments return a WP_Error. */ function wp_allow_comment( $commentdata, $wp_error = false ) { global $wpdb; /* * Simple duplicate check. * expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content) */ $dupe = $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", wp_unslash( $commentdata['comment_post_ID'] ), wp_unslash( $commentdata['comment_parent'] ), wp_unslash( $commentdata['comment_author'] ) ); if ( $commentdata['comment_author_email'] ) { $dupe .= $wpdb->prepare( 'AND comment_author_email = %s ', wp_unslash( $commentdata['comment_author_email'] ) ); } $dupe .= $wpdb->prepare( ') AND comment_content = %s LIMIT 1', wp_unslash( $commentdata['comment_content'] ) ); $dupe_id = $wpdb->get_var( $dupe ); /** * Filters the ID, if any, of the duplicate comment found when creating a new comment. * * Return an empty value from this filter to allow what WP considers a duplicate comment. * * @since 4.4.0 * * @param int $dupe_id ID of the comment identified as a duplicate. * @param array $commentdata Data for the comment being created. */ $dupe_id = apply_filters( 'duplicate_comment_id', $dupe_id, $commentdata ); if ( $dupe_id ) { /** * Fires immediately after a duplicate comment is detected. * * @since 3.0.0 * * @param array $commentdata Comment data. */ do_action( 'comment_duplicate_trigger', $commentdata ); /** * Filters duplicate comment error message. * * @since 5.2.0 * * @param string $comment_duplicate_message Duplicate comment error message. */ $comment_duplicate_message = apply_filters( 'comment_duplicate_message', __( 'Duplicate comment detected; it looks as though you’ve already said that!' ) ); if ( $wp_error ) { return new WP_Error( 'comment_duplicate', $comment_duplicate_message, 409 ); } else { if ( wp_doing_ajax() ) { die( $comment_duplicate_message ); } wp_die( $comment_duplicate_message, 409 ); } } /** * Fires immediately before a comment is marked approved. * * Allows checking for comment flooding. * * @since 2.3.0 * @since 4.7.0 The `$avoid_die` parameter was added. * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. * * @param string $comment_author_ip Comment author's IP address. * @param string $comment_author_email Comment author's email. * @param string $comment_date_gmt GMT date the comment was posted. * @param bool $wp_error Whether to return a WP_Error object instead of executing * wp_die() or die() if a comment flood is occurring. */ do_action( 'check_comment_flood', $commentdata['comment_author_IP'], $commentdata['comment_author_email'], $commentdata['comment_date_gmt'], $wp_error ); /** * Filters whether a comment is part of a comment flood. * * The default check is wp_check_comment_flood(). See check_comment_flood_db(). * * @since 4.7.0 * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. * * @param bool $is_flood Is a comment flooding occurring? Default false. * @param string $comment_author_ip Comment author's IP address. * @param string $comment_author_email Comment author's email. * @param string $comment_date_gmt GMT date the comment was posted. * @param bool $wp_error Whether to return a WP_Error object instead of executing * wp_die() or die() if a comment flood is occurring. */ $is_flood = apply_filters( 'wp_is_comment_flood', false, $commentdata['comment_author_IP'], $commentdata['comment_author_email'], $commentdata['comment_date_gmt'], $wp_error ); if ( $is_flood ) { /** This filter is documented in wp-includes/comment-template.php */ $comment_flood_message = apply_filters( 'comment_flood_message', __( 'You are posting comments too quickly. Slow down.' ) ); return new WP_Error( 'comment_flood', $comment_flood_message, 429 ); } return wp_check_comment_data( $commentdata ); } /** * Hooks WP's native database-based comment-flood check. * * This wrapper maintains backward compatibility with plugins that expect to * be able to unhook the legacy check_comment_flood_db() function from * 'check_comment_flood' using remove_action(). * * @since 2.3.0 * @since 4.7.0 Converted to be an add_filter() wrapper. */ function check_comment_flood_db() { add_filter( 'wp_is_comment_flood', 'wp_check_comment_flood', 10, 5 ); } /** * Checks whether comment flooding is occurring. * * Won't run, if current user can manage options, so to not block * administrators. * * @since 4.7.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param bool $is_flood Is a comment flooding occurring? * @param string $ip Comment author's IP address. * @param string $email Comment author's email address. * @param string $date MySQL time string. * @param bool $avoid_die When true, a disallowed comment will result in the function * returning without executing wp_die() or die(). Default false. * @return bool Whether comment flooding is occurring. */ function wp_check_comment_flood( $is_flood, $ip, $email, $date, $avoid_die = false ) { global $wpdb; // Another callback has declared a flood. Trust it. if ( true === $is_flood ) { return $is_flood; } // Don't throttle admins or moderators. if ( current_user_can( 'manage_options' ) || current_user_can( 'moderate_comments' ) ) { return false; } $hour_ago = gmdate( 'Y-m-d H:i:s', time() - HOUR_IN_SECONDS ); if ( is_user_logged_in() ) { $user = get_current_user_id(); $check_column = '`user_id`'; } else { $user = $ip; $check_column = '`comment_author_IP`'; } $sql = $wpdb->prepare( "SELECT `comment_date_gmt` FROM `$wpdb->comments` WHERE `comment_date_gmt` >= %s AND ( $check_column = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1", $hour_ago, $user, $email ); $lasttime = $wpdb->get_var( $sql ); if ( $lasttime ) { $time_lastcomment = mysql2date( 'U', $lasttime, false ); $time_newcomment = mysql2date( 'U', $date, false ); /** * Filters the comment flood status. * * @since 2.1.0 * * @param bool $bool Whether a comment flood is occurring. Default false. * @param int $time_lastcomment Timestamp of when the last comment was posted. * @param int $time_newcomment Timestamp of when the new comment was posted. */ $flood_die = apply_filters( 'comment_flood_filter', false, $time_lastcomment, $time_newcomment ); if ( $flood_die ) { /** * Fires before the comment flood message is triggered. * * @since 1.5.0 * * @param int $time_lastcomment Timestamp of when the last comment was posted. * @param int $time_newcomment Timestamp of when the new comment was posted. */ do_action( 'comment_flood_trigger', $time_lastcomment, $time_newcomment ); if ( $avoid_die ) { return true; } else { /** * Filters the comment flood error message. * * @since 5.2.0 * * @param string $comment_flood_message Comment flood error message. */ $comment_flood_message = apply_filters( 'comment_flood_message', __( 'You are posting comments too quickly. Slow down.' ) ); if ( wp_doing_ajax() ) { die( $comment_flood_message ); } wp_die( $comment_flood_message, 429 ); } } } return false; } /** * Separates an array of comments into an array keyed by comment_type. * * @since 2.7.0 * * @param WP_Comment[] $comments Array of comments. * @return array<string, WP_Comment[]> Array of comments keyed by comment type. */ function separate_comments( &$comments ) { $comments_by_type = array( 'comment' => array(), 'trackback' => array(), 'pingback' => array(), 'pings' => array(), ); $count = count( $comments ); for ( $i = 0; $i < $count; $i++ ) { $type = $comments[ $i ]->comment_type; if ( empty( $type ) ) { $type = 'comment'; } $comments_by_type[ $type ][] = &$comments[ $i ]; if ( 'trackback' === $type || 'pingback' === $type ) { $comments_by_type['pings'][] = &$comments[ $i ]; } } return $comments_by_type; } /** * Calculates the total number of comment pages. * * @since 2.7.0 * * @uses Walker_Comment * * @global WP_Query $wp_query WordPress Query object. * * @param WP_Comment[] $comments Optional. Array of WP_Comment objects. Defaults to `$wp_query->comments`. * @param int $per_page Optional. Comments per page. Defaults to the value of `comments_per_page` * query var, option of the same name, or 1 (in that order). * @param bool $threaded Optional. Control over flat or threaded comments. Defaults to the value * of `thread_comments` option. * @return int Number of comment pages. */ function get_comment_pages_count( $comments = null, $per_page = null, $threaded = null ) { global $wp_query; if ( null === $comments && null === $per_page && null === $threaded && ! empty( $wp_query->max_num_comment_pages ) ) { return $wp_query->max_num_comment_pages; } if ( ( ! $comments || ! is_array( $comments ) ) && ! empty( $wp_query->comments ) ) { $comments = $wp_query->comments; } if ( empty( $comments ) ) { return 0; } if ( ! get_option( 'page_comments' ) ) { return 1; } if ( ! isset( $per_page ) ) { $per_page = (int) get_query_var( 'comments_per_page' ); } if ( 0 === $per_page ) { $per_page = (int) get_option( 'comments_per_page' ); } if ( 0 === $per_page ) { return 1; } if ( ! isset( $threaded ) ) { $threaded = get_option( 'thread_comments' ); } if ( $threaded ) { $walker = new Walker_Comment(); $count = ceil( $walker->get_number_of_root_elements( $comments ) / $per_page ); } else { $count = ceil( count( $comments ) / $per_page ); } return (int) $count; } /** * Calculates what page number a comment will appear on for comment paging. * * @since 2.7.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $comment_id Comment ID. * @param array $args { * Array of optional arguments. * * @type string $type Limit paginated comments to those matching a given type. * Accepts 'comment', 'trackback', 'pingback', 'pings' * (trackbacks and pingbacks), or 'all'. Default 'all'. * @type int $per_page Per-page count to use when calculating pagination. * Defaults to the value of the 'comments_per_page' option. * @type int|string $max_depth If greater than 1, comment page will be determined * for the top-level parent `$comment_id`. * Defaults to the value of the 'thread_comments_depth' option. * } * @return int|null Comment page number or null on error. */ function get_page_of_comment( $comment_id, $args = array() ) { global $wpdb; $page = null; $comment = get_comment( $comment_id ); if ( ! $comment ) { return null; } $defaults = array( 'type' => 'all', 'page' => '', 'per_page' => '', 'max_depth' => '', ); $args = wp_parse_args( $args, $defaults ); $original_args = $args; // Order of precedence: 1. `$args['per_page']`, 2. 'comments_per_page' query_var, 3. 'comments_per_page' option. if ( get_option( 'page_comments' ) ) { if ( '' === $args['per_page'] ) { $args['per_page'] = get_query_var( 'comments_per_page' ); } if ( '' === $args['per_page'] ) { $args['per_page'] = get_option( 'comments_per_page' ); } } if ( empty( $args['per_page'] ) ) { $args['per_page'] = 0; $args['page'] = 0; } if ( $args['per_page'] < 1 ) { $page = 1; } if ( null === $page ) { if ( '' === $args['max_depth'] ) { if ( get_option( 'thread_comments' ) ) { $args['max_depth'] = get_option( 'thread_comments_depth' ); } else { $args['max_depth'] = -1; } } // Find this comment's top-level parent if threading is enabled. if ( $args['max_depth'] > 1 && '0' !== $comment->comment_parent ) { return get_page_of_comment( $comment->comment_parent, $args ); } $comment_args = array( 'type' => $args['type'], 'post_id' => $comment->comment_post_ID, 'fields' => 'ids', 'count' => true, 'status' => 'approve', 'orderby' => 'none', 'parent' => 0, 'date_query' => array( array( 'column' => "$wpdb->comments.comment_date_gmt", 'before' => $comment->comment_date_gmt, ), ), ); if ( is_user_logged_in() ) { $comment_args['include_unapproved'] = array( get_current_user_id() ); } else { $unapproved_email = wp_get_unapproved_comment_author_email(); if ( $unapproved_email ) { $comment_args['include_unapproved'] = array( $unapproved_email ); } } /** * Filters the arguments used to query comments in get_page_of_comment(). * * @since 5.5.0 * * @see WP_Comment_Query::__construct() * * @param array $comment_args { * Array of WP_Comment_Query arguments. * * @type string $type Limit paginated comments to those matching a given type. * Accepts 'comment', 'trackback', 'pingback', 'pings' * (trackbacks and pingbacks), or 'all'. Default 'all'. * @type int $post_id ID of the post. * @type string $fields Comment fields to return. * @type bool $count Whether to return a comment count (true) or array * of comment objects (false). * @type string $status Comment status. * @type int $parent Parent ID of comment to retrieve children of. * @type array $date_query Date query clauses to limit comments by. See WP_Date_Query. * @type array $include_unapproved Array of IDs or email addresses whose unapproved comments * will be included in paginated comments. * } */ $comment_args = apply_filters( 'get_page_of_comment_query_args', $comment_args ); $comment_query = new WP_Comment_Query(); $older_comment_count = $comment_query->query( $comment_args ); // No older comments? Then it's page #1. if ( 0 === $older_comment_count ) { $page = 1; // Divide comments older than this one by comments per page to get this comment's page number. } else { $page = (int) ceil( ( $older_comment_count + 1 ) / $args['per_page'] ); } } /** * Filters the calculated page on which a comment appears. * * @since 4.4.0 * @since 4.7.0 Introduced the `$comment_id` parameter. * * @param int $page Comment page. * @param array $args { * Arguments used to calculate pagination. These include arguments auto-detected by the function, * based on query vars, system settings, etc. For pristine arguments passed to the function, * see `$original_args`. * * @type string $type Type of comments to count. * @type int $page Calculated current page. * @type int $per_page Calculated number of comments per page. * @type int $max_depth Maximum comment threading depth allowed. * } * @param array $original_args { * Array of arguments passed to the function. Some or all of these may not be set. * * @type string $type Type of comments to count. * @type int $page Current comment page. * @type int $per_page Number of comments per page. * @type int $max_depth Maximum comment threading depth allowed. * } * @param int $comment_id ID of the comment. */ return apply_filters( 'get_page_of_comment', (int) $page, $args, $original_args, $comment_id ); } /** * Retrieves the maximum character lengths for the comment form fields. * * @since 4.5.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @return int[] Array of maximum lengths keyed by field name. */ function wp_get_comment_fields_max_lengths() { global $wpdb; $lengths = array( 'comment_author' => 245, 'comment_author_email' => 100, 'comment_author_url' => 200, 'comment_content' => 65525, ); if ( $wpdb->is_mysql ) { foreach ( $lengths as $column => $length ) { $col_length = $wpdb->get_col_length( $wpdb->comments, $column ); $max_length = 0; // No point if we can't get the DB column lengths. if ( is_wp_error( $col_length ) ) { break; } if ( ! is_array( $col_length ) && (int) $col_length > 0 ) { $max_length = (int) $col_length; } elseif ( is_array( $col_length ) && isset( $col_length['length'] ) && (int) $col_length['length'] > 0 ) { $max_length = (int) $col_length['length']; if ( ! empty( $col_length['type'] ) && 'byte' === $col_length['type'] ) { $max_length = $max_length - 10; } } if ( $max_length > 0 ) { $lengths[ $column ] = $max_length; } } } /** * Filters the lengths for the comment form fields. * * @since 4.5.0 * * @param int[] $lengths Array of maximum lengths keyed by field name. */ return apply_filters( 'wp_get_comment_fields_max_lengths', $lengths ); } /** * Compares the lengths of comment data against the maximum character limits. * * @since 4.7.0 * * @param array $comment_data Array of arguments for inserting a comment. * @return WP_Error|true WP_Error when a comment field exceeds the limit, * otherwise true. */ function wp_check_comment_data_max_lengths( $comment_data ) { $max_lengths = wp_get_comment_fields_max_lengths(); if ( isset( $comment_data['comment_author'] ) && mb_strlen( $comment_data['comment_author'], '8bit' ) > $max_lengths['comment_author'] ) { return new WP_Error( 'comment_author_column_length', __( '<strong>Error:</strong> Your name is too long.' ), 200 ); } if ( isset( $comment_data['comment_author_email'] ) && strlen( $comment_data['comment_author_email'] ) > $max_lengths['comment_author_email'] ) { return new WP_Error( 'comment_author_email_column_length', __( '<strong>Error:</strong> Your email address is too long.' ), 200 ); } if ( isset( $comment_data['comment_author_url'] ) && strlen( $comment_data['comment_author_url'] ) > $max_lengths['comment_author_url'] ) { return new WP_Error( 'comment_author_url_column_length', __( '<strong>Error:</strong> Your URL is too long.' ), 200 ); } if ( isset( $comment_data['comment_content'] ) && mb_strlen( $comment_data['comment_content'], '8bit' ) > $max_lengths['comment_content'] ) { return new WP_Error( 'comment_content_column_length', __( '<strong>Error:</strong> Your comment is too long.' ), 200 ); } return true; } /** * Checks whether comment data passes internal checks or has disallowed content. * * @since 6.7.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $comment_data Array of arguments for inserting a comment. * @return int|string|WP_Error The approval status on success (0|1|'spam'|'trash'), * WP_Error otherwise. */ function wp_check_comment_data( $comment_data ) { global $wpdb; if ( ! empty( $comment_data['user_id'] ) ) { $user = get_userdata( $comment_data['user_id'] ); $post_author = (int) $wpdb->get_var( $wpdb->prepare( "SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_data['comment_post_ID'] ) ); } if ( isset( $user ) && ( $comment_data['user_id'] === $post_author || $user->has_cap( 'moderate_comments' ) ) ) { // The author and the admins get respect. $approved = 1; } else { // Everyone else's comments will be checked. if ( check_comment( $comment_data['comment_author'], $comment_data['comment_author_email'], $comment_data['comment_author_url'], $comment_data['comment_content'], $comment_data['comment_author_IP'], $comment_data['comment_agent'], $comment_data['comment_type'] ) ) { $approved = 1; } else { $approved = 0; } if ( wp_check_comment_disallowed_list( $comment_data['comment_author'], $comment_data['comment_author_email'], $comment_data['comment_author_url'], $comment_data['comment_content'], $comment_data['comment_author_IP'], $comment_data['comment_agent'] ) ) { $approved = EMPTY_TRASH_DAYS ? 'trash' : 'spam'; } } /** * Filters a comment's approval status before it is set. * * @since 2.1.0 * @since 4.9.0 Returning a WP_Error value from the filter will short-circuit comment insertion * and allow skipping further processing. * * @param int|string|WP_Error $approved The approval status. Accepts 1, 0, 'spam', 'trash', * or WP_Error. * @param array $commentdata Comment data. */ return apply_filters( 'pre_comment_approved', $approved, $comment_data ); } /** * Checks if a comment contains disallowed characters or words. * * @since 5.5.0 * * @param string $author The author of the comment. * @param string $email The email of the comment. * @param string $url The url used in the comment. * @param string $comment The comment content. * @param string $user_ip The comment author's IP address. * @param string $user_agent The author's browser user agent. * @return bool True if the comment contains disallowed content, false otherwise. */ function wp_check_comment_disallowed_list( $author, $email, $url, $comment, $user_ip, $user_agent ) { /** * Fires before the comment is tested for disallowed characters or words. * * @since 1.5.0 * @deprecated 5.5.0 Use {@see 'wp_check_comment_disallowed_list'} instead. * * @param string $author Comment author. * @param string $email Comment author's email. * @param string $url Comment author's URL. * @param string $comment Comment content. * @param string $user_ip Comment author's IP address. * @param string $user_agent Comment author's browser user agent. */ do_action_deprecated( 'wp_blacklist_check', array( $author, $email, $url, $comment, $user_ip, $user_agent ), '5.5.0', 'wp_check_comment_disallowed_list', __( 'Please consider writing more inclusive code.' ) ); /** * Fires before the comment is tested for disallowed characters or words. * * @since 5.5.0 * * @param string $author Comment author. * @param string $email Comment author's email. * @param string $url Comment author's URL. * @param string $comment Comment content. * @param string $user_ip Comment author's IP address. * @param string $user_agent Comment author's browser user agent. */ do_action( 'wp_check_comment_disallowed_list', $author, $email, $url, $comment, $user_ip, $user_agent ); $mod_keys = trim( get_option( 'disallowed_keys' ) ); if ( '' === $mod_keys ) { return false; // If moderation keys are empty. } // Ensure HTML tags are not being used to bypass the list of disallowed characters and words. $comment_without_html = wp_strip_all_tags( $comment ); $words = explode( "\n", $mod_keys ); foreach ( (array) $words as $word ) { $word = trim( $word ); // Skip empty lines. if ( empty( $word ) ) { continue; } // Do some escaping magic so that '#' chars in the spam words don't break things: $word = preg_quote( $word, '#' ); $pattern = "#$word#iu"; if ( preg_match( $pattern, $author ) || preg_match( $pattern, $email ) || preg_match( $pattern, $url ) || preg_match( $pattern, $comment ) || preg_match( $pattern, $comment_without_html ) || preg_match( $pattern, $user_ip ) || preg_match( $pattern, $user_agent ) ) { return true; } } return false; } /** * Retrieves the total comment counts for the whole site or a single post. * * The comment stats are cached and then retrieved, if they already exist in the * cache. * * @see get_comment_count() Which handles fetching the live comment counts. * * @since 2.5.0 * * @param int $post_id Optional. Restrict the comment counts to the given post. Default 0, which indicates that * comment counts for the whole site will be retrieved. * @return stdClass { * The number of comments keyed by their status. * * @type int $approved The number of approved comments. * @type int $moderated The number of comments awaiting moderation (a.k.a. pending). * @type int $spam The number of spam comments. * @type int $trash The number of trashed comments. * @type int $post-trashed The number of comments for posts that are in the trash. * @type int $total_comments The total number of non-trashed comments, including spam. * @type int $all The total number of pending or approved comments. * } */ function wp_count_comments( $post_id = 0 ) { $post_id = (int) $post_id; /** * Filters the comments count for a given post or the whole site. * * @since 2.7.0 * * @param array|stdClass $count An empty array or an object containing comment counts. * @param int $post_id The post ID. Can be 0 to represent the whole site. */ $filtered = apply_filters( 'wp_count_comments', array(), $post_id ); if ( ! empty( $filtered ) ) { return $filtered; } $count = wp_cache_get( "comments-{$post_id}", 'counts' ); if ( false !== $count ) { return $count; } $stats = get_comment_count( $post_id ); $stats['moderated'] = $stats['awaiting_moderation']; unset( $stats['awaiting_moderation'] ); $stats_object = (object) $stats; wp_cache_set( "comments-{$post_id}", $stats_object, 'counts' ); return $stats_object; } /** * Trashes or deletes a comment. * * The comment is moved to Trash instead of permanently deleted unless Trash is * disabled, item is already in the Trash, or $force_delete is true. * * The post comment count will be updated if the comment was approved and has a * post ID available. * * @since 2.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. * @param bool $force_delete Whether to bypass Trash and force deletion. Default false. * @return bool True on success, false on failure. */ function wp_delete_comment( $comment_id, $force_delete = false ) { global $wpdb; $comment = get_comment( $comment_id ); if ( ! $comment ) { return false; } if ( ! $force_delete && EMPTY_TRASH_DAYS && ! in_array( wp_get_comment_status( $comment ), array( 'trash', 'spam' ), true ) ) { return wp_trash_comment( $comment_id ); } /** * Fires immediately before a comment is deleted from the database. * * @since 1.2.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment to be deleted. */ do_action( 'delete_comment', $comment->comment_ID, $comment ); // Move children up a level. $children = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_parent = %d", $comment->comment_ID ) ); if ( ! empty( $children ) ) { $wpdb->update( $wpdb->comments, array( 'comment_parent' => $comment->comment_parent ), array( 'comment_parent' => $comment->comment_ID ) ); clean_comment_cache( $children ); } // Delete metadata. $meta_ids = $wpdb->get_col( $wpdb->prepare( "SELECT meta_id FROM $wpdb->commentmeta WHERE comment_id = %d", $comment->comment_ID ) ); foreach ( $meta_ids as $mid ) { delete_metadata_by_mid( 'comment', $mid ); } if ( ! $wpdb->delete( $wpdb->comments, array( 'comment_ID' => $comment->comment_ID ) ) ) { return false; } /** * Fires immediately after a comment is deleted from the database. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The deleted comment. */ do_action( 'deleted_comment', $comment->comment_ID, $comment ); $post_id = $comment->comment_post_ID; if ( $post_id && '1' === $comment->comment_approved ) { wp_update_comment_count( $post_id ); } clean_comment_cache( $comment->comment_ID ); /** This action is documented in wp-includes/comment.php */ do_action( 'wp_set_comment_status', $comment->comment_ID, 'delete' ); wp_transition_comment_status( 'delete', $comment->comment_approved, $comment ); return true; } /** * Moves a comment to the Trash * * If Trash is disabled, comment is permanently deleted. * * @since 2.9.0 * @since 6.9.0 Any child notes are deleted when deleting a note. * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. * @return bool True on success, false on failure. */ function wp_trash_comment( $comment_id ) { if ( ! EMPTY_TRASH_DAYS ) { $comment = get_comment( $comment_id ); $success = wp_delete_comment( $comment_id, true ); if ( ! $success ) { return false; } // Also delete children of top level 'note' type comments. if ( $comment && 'note' === $comment->comment_type && 0 === (int) $comment->comment_parent ) { $children = $comment->get_children( array( 'fields' => 'ids', 'status' => 'all', 'type' => 'note', ) ); foreach ( $children as $child_id ) { if ( ! wp_delete_comment( $child_id, true ) ) { $success = false; } } } return $success; } $comment = get_comment( $comment_id ); if ( ! $comment ) { return false; } /** * Fires immediately before a comment is sent to the Trash. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment to be trashed. */ do_action( 'trash_comment', $comment->comment_ID, $comment ); if ( wp_set_comment_status( $comment, 'trash' ) ) { delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); add_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', $comment->comment_approved ); add_comment_meta( $comment->comment_ID, '_wp_trash_meta_time', time() ); /** * Fires immediately after a comment is sent to Trash. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The trashed comment. */ do_action( 'trashed_comment', $comment->comment_ID, $comment ); // For top level 'note' type comments, also trash children. if ( 'note' === $comment->comment_type && 0 === (int) $comment->comment_parent ) { $children = $comment->get_children( array( 'fields' => 'ids', 'status' => 'all', 'type' => 'note', ) ); $success = true; foreach ( $children as $child_id ) { if ( ! wp_trash_comment( $child_id ) ) { $success = false; } } return $success; } return true; } return false; } /** * Removes a comment from the Trash * * @since 2.9.0 * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. * @return bool True on success, false on failure. */ function wp_untrash_comment( $comment_id ) { $comment = get_comment( $comment_id ); if ( ! $comment ) { return false; } /** * Fires immediately before a comment is restored from the Trash. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment to be untrashed. */ do_action( 'untrash_comment', $comment->comment_ID, $comment ); $status = (string) get_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', true ); if ( empty( $status ) ) { $status = '0'; } if ( wp_set_comment_status( $comment, $status ) ) { delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); /** * Fires immediately after a comment is restored from the Trash. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The untrashed comment. */ do_action( 'untrashed_comment', $comment->comment_ID, $comment ); return true; } return false; } /** * Marks a comment as Spam. * * @since 2.9.0 * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. * @return bool True on success, false on failure. */ function wp_spam_comment( $comment_id ) { $comment = get_comment( $comment_id ); if ( ! $comment ) { return false; } /** * Fires immediately before a comment is marked as Spam. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param int $comment_id The comment ID. * @param WP_Comment $comment The comment to be marked as spam. */ do_action( 'spam_comment', $comment->comment_ID, $comment ); if ( wp_set_comment_status( $comment, 'spam' ) ) { delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); add_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', $comment->comment_approved ); add_comment_meta( $comment->comment_ID, '_wp_trash_meta_time', time() ); /** * Fires immediately after a comment is marked as Spam. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param int $comment_id The comment ID. * @param WP_Comment $comment The comment marked as spam. */ do_action( 'spammed_comment', $comment->comment_ID, $comment ); return true; } return false; } /** * Removes a comment from the Spam. * * @since 2.9.0 * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. * @return bool True on success, false on failure. */ function wp_unspam_comment( $comment_id ) { $comment = get_comment( $comment_id ); if ( ! $comment ) { return false; } /** * Fires immediately before a comment is unmarked as Spam. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment to be unmarked as spam. */ do_action( 'unspam_comment', $comment->comment_ID, $comment ); $status = (string) get_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', true ); if ( empty( $status ) ) { $status = '0'; } if ( wp_set_comment_status( $comment, $status ) ) { delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); /** * Fires immediately after a comment is unmarked as Spam. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment unmarked as spam. */ do_action( 'unspammed_comment', $comment->comment_ID, $comment ); return true; } return false; } /** * Retrieves the status of a comment by comment ID. * * @since 1.0.0 * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object * @return string|false Status might be 'trash', 'approved', 'unapproved', 'spam'. False on failure. */ function wp_get_comment_status( $comment_id ) { $comment = get_comment( $comment_id ); if ( ! $comment ) { return false; } $approved = $comment->comment_approved; if ( null === $approved ) { return false; } elseif ( '1' === $approved ) { return 'approved'; } elseif ( '0' === $approved ) { return 'unapproved'; } elseif ( 'spam' === $approved ) { return 'spam'; } elseif ( 'trash' === $approved ) { return 'trash'; } else { return false; } } /** * Calls hooks for when a comment status transition occurs. * * Calls hooks for comment status transitions. If the new comment status is not the same * as the previous comment status, then two hooks will be ran, the first is * {@see 'transition_comment_status'} with new status, old status, and comment data. * The next action called is {@see 'comment_$old_status_to_$new_status'}. It has * the comment data. * * The final action will run whether or not the comment statuses are the same. * The action is named {@see 'comment_$new_status_$comment->comment_type'}. * * @since 2.7.0 * * @param string $new_status New comment status. * @param string $old_status Previous comment status. * @param WP_Comment $comment Comment object. */ function wp_transition_comment_status( $new_status, $old_status, $comment ) { /* * Translate raw statuses to human-readable formats for the hooks. * This is not a complete list of comment status, it's only the ones * that need to be renamed. */ $comment_statuses = array( 0 => 'unapproved', 'hold' => 'unapproved', // wp_set_comment_status() uses "hold". 1 => 'approved', 'approve' => 'approved', // wp_set_comment_status() uses "approve". ); if ( isset( $comment_statuses[ $new_status ] ) ) { $new_status = $comment_statuses[ $new_status ]; } if ( isset( $comment_statuses[ $old_status ] ) ) { $old_status = $comment_statuses[ $old_status ]; } // Call the hooks. if ( $new_status !== $old_status ) { /** * Fires when the comment status is in transition. * * @since 2.7.0 * * @param string $new_status The new comment status. * @param string $old_status The old comment status. * @param WP_Comment $comment Comment object. */ do_action( 'transition_comment_status', $new_status, $old_status, $comment ); /** * Fires when the comment status is in transition from one specific status to another. * * The dynamic portions of the hook name, `$old_status`, and `$new_status`, * refer to the old and new comment statuses, respectively. * * Possible hook names include: * * - `comment_unapproved_to_approved` * - `comment_spam_to_approved` * - `comment_approved_to_unapproved` * - `comment_spam_to_unapproved` * - `comment_unapproved_to_spam` * - `comment_approved_to_spam` * * @since 2.7.0 * * @param WP_Comment $comment Comment object. */ do_action( "comment_{$old_status}_to_{$new_status}", $comment ); } /** * Fires when the status of a specific comment type is in transition. * * The dynamic portions of the hook name, `$new_status`, and `$comment->comment_type`, * refer to the new comment status, and the type of comment, respectively. * * Typical comment types include 'comment', 'pingback', or 'trackback'. * * Possible hook names include: * * - `comment_approved_comment` * - `comment_approved_pingback` * - `comment_approved_trackback` * - `comment_unapproved_comment` * - `comment_unapproved_pingback` * - `comment_unapproved_trackback` * - `comment_spam_comment` * - `comment_spam_pingback` * - `comment_spam_trackback` * * @since 2.7.0 * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment Comment object. */ do_action( "comment_{$new_status}_{$comment->comment_type}", $comment->comment_ID, $comment ); } /** * Clears the lastcommentmodified cached value when a comment status is changed. * * Deletes the lastcommentmodified cache key when a comment enters or leaves * 'approved' status. * * @since 4.7.0 * @access private * * @param string $new_status The new comment status. * @param string $old_status The old comment status. */ function _clear_modified_cache_on_transition_comment_status( $new_status, $old_status ) { if ( 'approved' === $new_status || 'approved' === $old_status ) { $data = array(); foreach ( array( 'server', 'gmt', 'blog' ) as $timezone ) { $data[] = "lastcommentmodified:$timezone"; } wp_cache_delete_multiple( $data, 'timeinfo' ); } } /** * Gets current commenter's name, email, and URL. * * Expects cookies content to already be sanitized. User of this function might * wish to recheck the returned array for validity. * * @see sanitize_comment_cookies() Use to sanitize cookies * * @since 2.0.4 * * @return array { * An array of current commenter variables. * * @type string $comment_author The name of the current commenter, or an empty string. * @type string $comment_author_email The email address of the current commenter, or an empty string. * @type string $comment_author_url The URL address of the current commenter, or an empty string. * } */ function wp_get_current_commenter() { // Cookies should already be sanitized. $comment_author = ''; if ( isset( $_COOKIE[ 'comment_author_' . COOKIEHASH ] ) ) { $comment_author = $_COOKIE[ 'comment_author_' . COOKIEHASH ]; } $comment_author_email = ''; if ( isset( $_COOKIE[ 'comment_author_email_' . COOKIEHASH ] ) ) { $comment_author_email = $_COOKIE[ 'comment_author_email_' . COOKIEHASH ]; } $comment_author_url = ''; if ( isset( $_COOKIE[ 'comment_author_url_' . COOKIEHASH ] ) ) { $comment_author_url = $_COOKIE[ 'comment_author_url_' . COOKIEHASH ]; } /** * Filters the current commenter's name, email, and URL. * * @since 3.1.0 * * @param array $comment_author_data { * An array of current commenter variables. * * @type string $comment_author The name of the current commenter, or an empty string. * @type string $comment_author_email The email address of the current commenter, or an empty string. * @type string $comment_author_url The URL address of the current commenter, or an empty string. * } */ return apply_filters( 'wp_get_current_commenter', compact( 'comment_author', 'comment_author_email', 'comment_author_url' ) ); } /** * Gets unapproved comment author's email. * * Used to allow the commenter to see their pending comment. * * @since 5.1.0 * @since 5.7.0 The window within which the author email for an unapproved comment * can be retrieved was extended to 10 minutes. * * @return string The unapproved comment author's email (when supplied). */ function wp_get_unapproved_comment_author_email() { $commenter_email = ''; if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) { $comment_id = (int) $_GET['unapproved']; $comment = get_comment( $comment_id ); if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) { // The comment will only be viewable by the comment author for 10 minutes. $comment_preview_expires = strtotime( $comment->comment_date_gmt . '+10 minutes' ); if ( time() < $comment_preview_expires ) { $commenter_email = $comment->comment_author_email; } } } if ( ! $commenter_email ) { $commenter = wp_get_current_commenter(); $commenter_email = $commenter['comment_author_email']; } return $commenter_email; } /** * Inserts a comment into the database. * * @since 2.0.0 * @since 4.4.0 Introduced the `$comment_meta` argument. * @since 5.5.0 Default value for `$comment_type` argument changed to `comment`. * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $commentdata { * Array of arguments for inserting a new comment. * * @type string $comment_agent The HTTP user agent of the `$comment_author` when * the comment was submitted. Default empty. * @type int|string $comment_approved Whether the comment has been approved. Default 1. * @type string $comment_author The name of the author of the comment. Default empty. * @type string $comment_author_email The email address of the `$comment_author`. Default empty. * @type string $comment_author_IP The IP address of the `$comment_author`. Default empty. * @type string $comment_author_url The URL address of the `$comment_author`. Default empty. * @type string $comment_content The content of the comment. Default empty. * @type string $comment_date The date the comment was submitted. To set the date * manually, `$comment_date_gmt` must also be specified. * Default is the current time. * @type string $comment_date_gmt The date the comment was submitted in the GMT timezone. * Default is `$comment_date` in the site's GMT timezone. * @type int $comment_karma The karma of the comment. Default 0. * @type int $comment_parent ID of this comment's parent, if any. Default 0. * @type int $comment_post_ID ID of the post that relates to the comment, if any. * Default 0. * @type string $comment_type Comment type. Default 'comment'. * @type array $comment_meta Optional. Array of key/value pairs to be stored in commentmeta for the * new comment. * @type int $user_id ID of the user who submitted the comment. Default 0. * } * @return int|false The new comment's ID on success, false on failure. */ function wp_insert_comment( $commentdata ) { global $wpdb; $data = wp_unslash( $commentdata ); $comment_author = ! isset( $data['comment_author'] ) ? '' : $data['comment_author']; $comment_author_email = ! isset( $data['comment_author_email'] ) ? '' : $data['comment_author_email']; $comment_author_url = ! isset( $data['comment_author_url'] ) ? '' : $data['comment_author_url']; $comment_author_ip = ! isset( $data['comment_author_IP'] ) ? '' : $data['comment_author_IP']; $comment_date = ! isset( $data['comment_date'] ) ? current_time( 'mysql' ) : $data['comment_date']; $comment_date_gmt = ! isset( $data['comment_date_gmt'] ) ? get_gmt_from_date( $comment_date ) : $data['comment_date_gmt']; $comment_post_id = ! isset( $data['comment_post_ID'] ) ? 0 : $data['comment_post_ID']; $comment_content = ! isset( $data['comment_content'] ) ? '' : $data['comment_content']; $comment_karma = ! isset( $data['comment_karma'] ) ? 0 : $data['comment_karma']; $comment_approved = ! isset( $data['comment_approved'] ) ? 1 : $data['comment_approved']; $comment_agent = ! isset( $data['comment_agent'] ) ? '' : $data['comment_agent']; $comment_type = empty( $data['comment_type'] ) ? 'comment' : $data['comment_type']; $comment_parent = ! isset( $data['comment_parent'] ) ? 0 : $data['comment_parent']; $user_id = ! isset( $data['user_id'] ) ? 0 : $data['user_id']; $compacted = array( 'comment_post_ID' => $comment_post_id, 'comment_author_IP' => $comment_author_ip, ); $compacted += compact( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_content', 'comment_karma', 'comment_approved', 'comment_agent', 'comment_type', 'comment_parent', 'user_id' ); if ( ! $wpdb->insert( $wpdb->comments, $compacted ) ) { return false; } $id = (int) $wpdb->insert_id; if ( 1 === (int) $comment_approved ) { wp_update_comment_count( $comment_post_id ); $data = array(); foreach ( array( 'server', 'gmt', 'blog' ) as $timezone ) { $data[] = "lastcommentmodified:$timezone"; } wp_cache_delete_multiple( $data, 'timeinfo' ); } clean_comment_cache( $id ); $comment = get_comment( $id ); // If metadata is provided, store it. if ( isset( $commentdata['comment_meta'] ) && is_array( $commentdata['comment_meta'] ) ) { foreach ( $commentdata['comment_meta'] as $meta_key => $meta_value ) { add_comment_meta( $comment->comment_ID, $meta_key, $meta_value, true ); } } /** * Fires immediately after a comment is inserted into the database. * * @since 2.8.0 * * @param int $id The comment ID. * @param WP_Comment $comment Comment object. */ do_action( 'wp_insert_comment', $id, $comment ); return $id; } /** * Filters and sanitizes comment data. * * Sets the comment data 'filtered' field to true when finished. This can be * checked as to whether the comment should be filtered and to keep from * filtering the same comment more than once. * * @since 2.0.0 * * @param array $commentdata Contains information on the comment. * @return array Parsed comment information. */ function wp_filter_comment( $commentdata ) { if ( isset( $commentdata['user_ID'] ) ) { /** * Filters the comment author's user ID before it is set. * * The first time this filter is evaluated, `user_ID` is checked * (for back-compat), followed by the standard `user_id` value. * * @since 1.5.0 * * @param int $user_id The comment author's user ID. */ $commentdata['user_id'] = apply_filters( 'pre_user_id', $commentdata['user_ID'] ); } elseif ( isset( $commentdata['user_id'] ) ) { /** This filter is documented in wp-includes/comment.php */ $commentdata['user_id'] = apply_filters( 'pre_user_id', $commentdata['user_id'] ); } /** * Filters the comment author's browser user agent before it is set. * * @since 1.5.0 * * @param string $comment_agent The comment author's browser user agent. */ $commentdata['comment_agent'] = apply_filters( 'pre_comment_user_agent', ( isset( $commentdata['comment_agent'] ) ? $commentdata['comment_agent'] : '' ) ); /** This filter is documented in wp-includes/comment.php */ $commentdata['comment_author'] = apply_filters( 'pre_comment_author_name', $commentdata['comment_author'] ); /** * Filters the comment content before it is set. * * @since 1.5.0 * * @param string $comment_content The comment content. */ $commentdata['comment_content'] = apply_filters( 'pre_comment_content', $commentdata['comment_content'] ); /** * Filters the comment author's IP address before it is set. * * @since 1.5.0 * * @param string $comment_author_ip The comment author's IP address. */ $commentdata['comment_author_IP'] = apply_filters( 'pre_comment_user_ip', $commentdata['comment_author_IP'] ); /** This filter is documented in wp-includes/comment.php */ $commentdata['comment_author_url'] = apply_filters( 'pre_comment_author_url', $commentdata['comment_author_url'] ); /** This filter is documented in wp-includes/comment.php */ $commentdata['comment_author_email'] = apply_filters( 'pre_comment_author_email', $commentdata['comment_author_email'] ); $commentdata['filtered'] = true; return $commentdata; } /** * Determines whether a comment should be blocked because of comment flood. * * @since 2.1.0 * * @param bool $block Whether plugin has already blocked comment. * @param int $time_lastcomment Timestamp for last comment. * @param int $time_newcomment Timestamp for new comment. * @return bool Whether comment should be blocked. */ function wp_throttle_comment_flood( $block, $time_lastcomment, $time_newcomment ) { if ( $block ) { // A plugin has already blocked... we'll let that decision stand. return $block; } if ( ( $time_newcomment - $time_lastcomment ) < 15 ) { return true; } return false; } /** * Adds a new comment to the database. * * Filters new comment to ensure that the fields are sanitized and valid before * inserting comment into database. Calls {@see 'comment_post'} action with comment ID * and whether comment is approved by WordPress. Also has {@see 'preprocess_comment'} * filter for processing the comment data before the function handles it. * * We use `REMOTE_ADDR` here directly. If you are behind a proxy, you should ensure * that it is properly set, such as in wp-config.php, for your environment. * * See {@link https://core.trac.wordpress.org/ticket/9235} * * @since 1.5.0 * @since 4.3.0 Introduced the `comment_agent` and `comment_author_IP` arguments. * @since 4.7.0 The `$avoid_die` parameter was added, allowing the function * to return a WP_Error object instead of dying. * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. * @since 5.5.0 Introduced the `comment_type` argument. * * @see wp_insert_comment() * @global wpdb $wpdb WordPress database abstraction object. * * @param array $commentdata { * Comment data. * * @type string $comment_author The name of the comment author. * @type string $comment_author_email The comment author email address. * @type string $comment_author_url The comment author URL. * @type string $comment_content The content of the comment. * @type string $comment_date The date the comment was submitted. Default is the current time. * @type string $comment_date_gmt The date the comment was submitted in the GMT timezone. * Default is `$comment_date` in the GMT timezone. * @type string $comment_type Comment type. Default 'comment'. * @type int $comment_parent The ID of this comment's parent, if any. Default 0. * @type int $comment_post_ID The ID of the post that relates to the comment. * @type int $user_id The ID of the user who submitted the comment. Default 0. * @type int $user_ID Kept for backward-compatibility. Use `$user_id` instead. * @type string $comment_agent Comment author user agent. Default is the value of 'HTTP_USER_AGENT' * in the `$_SERVER` superglobal sent in the original request. * @type string $comment_author_IP Comment author IP address in IPv4 format. Default is the value of * 'REMOTE_ADDR' in the `$_SERVER` superglobal sent in the original request. * } * @param bool $wp_error Should errors be returned as WP_Error objects instead of * executing wp_die()? Default false. * @return int|false|WP_Error The ID of the comment on success, false or WP_Error on failure. */ function wp_new_comment( $commentdata, $wp_error = false ) { global $wpdb; /* * Normalize `user_ID` to `user_id`, but pass the old key * to the `preprocess_comment` filter for backward compatibility. */ if ( isset( $commentdata['user_ID'] ) ) { $commentdata['user_ID'] = (int) $commentdata['user_ID']; $commentdata['user_id'] = $commentdata['user_ID']; } elseif ( isset( $commentdata['user_id'] ) ) { $commentdata['user_id'] = (int) $commentdata['user_id']; $commentdata['user_ID'] = $commentdata['user_id']; } $prefiltered_user_id = ( isset( $commentdata['user_id'] ) ) ? (int) $commentdata['user_id'] : 0; if ( ! isset( $commentdata['comment_author_IP'] ) ) { $commentdata['comment_author_IP'] = $_SERVER['REMOTE_ADDR']; } if ( ! isset( $commentdata['comment_agent'] ) ) { $commentdata['comment_agent'] = isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : ''; } /** * Filters a comment's data before it is sanitized and inserted into the database. * * @since 1.5.0 * @since 5.6.0 Comment data includes the `comment_agent` and `comment_author_IP` values. * * @param array $commentdata Comment data. */ $commentdata = apply_filters( 'preprocess_comment', $commentdata ); $commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID']; // Normalize `user_ID` to `user_id` again, after the filter. if ( isset( $commentdata['user_ID'] ) && $prefiltered_user_id !== (int) $commentdata['user_ID'] ) { $commentdata['user_ID'] = (int) $commentdata['user_ID']; $commentdata['user_id'] = $commentdata['user_ID']; } elseif ( isset( $commentdata['user_id'] ) ) { $commentdata['user_id'] = (int) $commentdata['user_id']; $commentdata['user_ID'] = $commentdata['user_id']; } $commentdata['comment_parent'] = isset( $commentdata['comment_parent'] ) ? absint( $commentdata['comment_parent'] ) : 0; $parent_status = ( $commentdata['comment_parent'] > 0 ) ? wp_get_comment_status( $commentdata['comment_parent'] ) : ''; $commentdata['comment_parent'] = ( 'approved' === $parent_status || 'unapproved' === $parent_status ) ? $commentdata['comment_parent'] : 0; $commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '', $commentdata['comment_author_IP'] ); $commentdata['comment_agent'] = substr( $commentdata['comment_agent'], 0, 254 ); if ( empty( $commentdata['comment_date'] ) ) { $commentdata['comment_date'] = current_time( 'mysql' ); } if ( empty( $commentdata['comment_date_gmt'] ) ) { $commentdata['comment_date_gmt'] = current_time( 'mysql', true ); } if ( empty( $commentdata['comment_type'] ) ) { $commentdata['comment_type'] = 'comment'; } $commentdata['comment_approved'] = wp_allow_comment( $commentdata, $wp_error ); if ( is_wp_error( $commentdata['comment_approved'] ) ) { return $commentdata['comment_approved']; } $commentdata = wp_filter_comment( $commentdata ); if ( ! in_array( $commentdata['comment_approved'], array( 'trash', 'spam' ), true ) ) { // Validate the comment again after filters are applied to comment data. $commentdata['comment_approved'] = wp_check_comment_data( $commentdata ); } if ( is_wp_error( $commentdata['comment_approved'] ) ) { return $commentdata['comment_approved']; } $comment_id = wp_insert_comment( $commentdata ); if ( ! $comment_id ) { $fields = array( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content' ); foreach ( $fields as $field ) { if ( isset( $commentdata[ $field ] ) ) { $commentdata[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->comments, $field, $commentdata[ $field ] ); } } $commentdata = wp_filter_comment( $commentdata ); $commentdata['comment_approved'] = wp_allow_comment( $commentdata, $wp_error ); if ( is_wp_error( $commentdata['comment_approved'] ) ) { return $commentdata['comment_approved']; } $comment_id = wp_insert_comment( $commentdata ); if ( ! $comment_id ) { return false; } } /** * Fires immediately after a comment is inserted into the database. * * @since 1.2.0 * @since 4.5.0 The `$commentdata` parameter was added. * * @param int $comment_id The comment ID. * @param int|string $comment_approved 1 if the comment is approved, 0 if not, 'spam' if spam. * @param array $commentdata Comment data. */ do_action( 'comment_post', $comment_id, $commentdata['comment_approved'], $commentdata ); return $comment_id; } /** * Sends a comment moderation notification to the comment moderator. * * @since 4.4.0 * * @param int $comment_id ID of the comment. * @return bool True on success, false on failure. */ function wp_new_comment_notify_moderator( $comment_id ) { $comment = get_comment( $comment_id ); // Only send notifications for pending comments. $maybe_notify = ( '0' === $comment->comment_approved ); /** This filter is documented in wp-includes/pluggable.php */ $maybe_notify = apply_filters( 'notify_moderator', $maybe_notify, $comment_id ); if ( ! $maybe_notify ) { return false; } return wp_notify_moderator( $comment_id ); } /** * Sends a notification of a new comment to the post author. * * @since 4.4.0 * * Uses the {@see 'notify_post_author'} filter to determine whether the post author * should be notified when a new comment is added, overriding site setting. * * @param int $comment_id Comment ID. * @return bool True on success, false on failure. */ function wp_new_comment_notify_postauthor( $comment_id ) { $comment = get_comment( $comment_id ); $is_note = ( $comment && 'note' === $comment->comment_type ); $maybe_notify = $is_note ? get_option( 'wp_notes_notify', 1 ) : get_option( 'comments_notify' ); /** * Filters whether to send the post author new comment notification emails, * overriding the site setting. * * @since 4.4.0 * * @param bool $maybe_notify Whether to notify the post author about the new comment. * @param int $comment_id The ID of the comment for the notification. */ $maybe_notify = apply_filters( 'notify_post_author', $maybe_notify, $comment_id ); /* * wp_notify_postauthor() checks if notifying the author of their own comment. * By default, it won't, but filters can override this. */ if ( ! $maybe_notify ) { return false; } // Send notifications for approved comments and all notes. if ( ! isset( $comment->comment_approved ) || ( '1' !== $comment->comment_approved && ! $is_note ) ) { return false; } return wp_notify_postauthor( $comment_id ); } /** * Send a notification to the post author when a new note is added via the REST API. * * @since 6.9.0 * * @param WP_Comment $comment The comment object. */ function wp_new_comment_via_rest_notify_postauthor( $comment ) { if ( $comment instanceof WP_Comment && 'note' === $comment->comment_type ) { wp_new_comment_notify_postauthor( (int) $comment->comment_ID ); } } /** * Sets the status of a comment. * * The {@see 'wp_set_comment_status'} action is called after the comment is handled. * If the comment status is not in the list, then false is returned. * * @since 1.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. * @param string $comment_status New comment status, either 'hold', 'approve', 'spam', or 'trash'. * @param bool $wp_error Whether to return a WP_Error object if there is a failure. Default false. * @return bool|WP_Error True on success, false or WP_Error on failure. */ function wp_set_comment_status( $comment_id, $comment_status, $wp_error = false ) { global $wpdb; switch ( $comment_status ) { case 'hold': case '0': $status = '0'; break; case 'approve': case '1': $status = '1'; add_action( 'wp_set_comment_status', 'wp_new_comment_notify_postauthor' ); break; case 'spam': $status = 'spam'; break; case 'trash': $status = 'trash'; break; default: return false; } $comment_old = clone get_comment( $comment_id ); if ( ! $wpdb->update( $wpdb->comments, array( 'comment_approved' => $status ), array( 'comment_ID' => $comment_old->comment_ID ) ) ) { if ( $wp_error ) { return new WP_Error( 'db_update_error', __( 'Could not update comment status.' ), $wpdb->last_error ); } else { return false; } } clean_comment_cache( $comment_old->comment_ID ); $comment = get_comment( $comment_old->comment_ID ); /** * Fires immediately after transitioning a comment's status from one to another in the database * and removing the comment from the object cache, but prior to all status transition hooks. * * @since 1.5.0 * * @param string $comment_id Comment ID as a numeric string. * @param string $comment_status Current comment status. Possible values include * 'hold', '0', 'approve', '1', 'spam', and 'trash'. */ do_action( 'wp_set_comment_status', $comment->comment_ID, $comment_status ); wp_transition_comment_status( $comment_status, $comment_old->comment_approved, $comment ); wp_update_comment_count( $comment->comment_post_ID ); return true; } /** * Updates an existing comment in the database. * * Filters the comment and makes sure certain fields are valid before updating. * * @since 2.0.0 * @since 4.9.0 Add updating comment meta during comment update. * @since 5.5.0 The `$wp_error` parameter was added. * @since 5.5.0 The return values for an invalid comment or post ID * were changed to false instead of 0. * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $commentarr Contains information on the comment. * @param bool $wp_error Optional. Whether to return a WP_Error on failure. Default false. * @return int|false|WP_Error The value 1 if the comment was updated, 0 if not updated. * False or a WP_Error object on failure. */ function wp_update_comment( $commentarr, $wp_error = false ) { global $wpdb; // First, get all of the original fields. $comment = get_comment( $commentarr['comment_ID'], ARRAY_A ); if ( empty( $comment ) ) { if ( $wp_error ) { return new WP_Error( 'invalid_comment_id', __( 'Invalid comment ID.' ) ); } else { return false; } } // Make sure that the comment post ID is valid (if specified). if ( ! empty( $commentarr['comment_post_ID'] ) && ! get_post( $commentarr['comment_post_ID'] ) ) { if ( $wp_error ) { return new WP_Error( 'invalid_post_id', __( 'Invalid post ID.' ) ); } else { return false; } } $filter_comment = false; if ( ! has_filter( 'pre_comment_content', 'wp_filter_kses' ) ) { $filter_comment = ! user_can( isset( $comment['user_id'] ) ? $comment['user_id'] : 0, 'unfiltered_html' ); } if ( $filter_comment ) { add_filter( 'pre_comment_content', 'wp_filter_kses' ); } // Escape data pulled from DB. $comment = wp_slash( $comment ); $old_status = $comment['comment_approved']; // Merge old and new fields with new fields overwriting old ones. $commentarr = array_merge( $comment, $commentarr ); $commentarr = wp_filter_comment( $commentarr ); if ( $filter_comment ) { remove_filter( 'pre_comment_content', 'wp_filter_kses' ); } // Now extract the merged array. $data = wp_unslash( $commentarr ); /** * Filters the comment content before it is updated in the database. * * @since 1.5.0 * * @param string $comment_content The comment data. */ $data['comment_content'] = apply_filters( 'comment_save_pre', $data['comment_content'] ); $data['comment_date_gmt'] = get_gmt_from_date( $data['comment_date'] ); if ( ! isset( $data['comment_approved'] ) ) { $data['comment_approved'] = 1; } elseif ( 'hold' === $data['comment_approved'] ) { $data['comment_approved'] = 0; } elseif ( 'approve' === $data['comment_approved'] ) { $data['comment_approved'] = 1; } $comment_id = $data['comment_ID']; $comment_post_id = $data['comment_post_ID']; /** * Filters the comment data immediately before it is updated in the database. * * Note: data being passed to the filter is already unslashed. * * @since 4.7.0 * @since 5.5.0 Returning a WP_Error value from the filter will short-circuit comment update * and allow skipping further processing. * * @param array|WP_Error $data The new, processed comment data, or WP_Error. * @param array $comment The old, unslashed comment data. * @param array $commentarr The new, raw comment data. */ $data = apply_filters( 'wp_update_comment_data', $data, $comment, $commentarr ); // Do not carry on on failure. if ( is_wp_error( $data ) ) { if ( $wp_error ) { return $data; } else { return false; } } $keys = array( 'comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_author_IP', 'comment_date', 'comment_date_gmt', 'comment_content', 'comment_karma', 'comment_approved', 'comment_agent', 'comment_type', 'comment_parent', 'user_id', ); $data = wp_array_slice_assoc( $data, $keys ); $result = $wpdb->update( $wpdb->comments, $data, array( 'comment_ID' => $comment_id ) ); if ( false === $result ) { if ( $wp_error ) { return new WP_Error( 'db_update_error', __( 'Could not update comment in the database.' ), $wpdb->last_error ); } else { return false; } } // If metadata is provided, store it. if ( isset( $commentarr['comment_meta'] ) && is_array( $commentarr['comment_meta'] ) ) { foreach ( $commentarr['comment_meta'] as $meta_key => $meta_value ) { update_comment_meta( $comment_id, $meta_key, $meta_value ); } } clean_comment_cache( $comment_id ); wp_update_comment_count( $comment_post_id ); /** * Fires immediately after a comment is updated in the database. * * The hook also fires immediately before comment status transition hooks are fired. * * @since 1.2.0 * @since 4.6.0 Added the `$data` parameter. * * @param int $comment_id The comment ID. * @param array $data Comment data. */ do_action( 'edit_comment', $comment_id, $data ); $comment = get_comment( $comment_id ); wp_transition_comment_status( $comment->comment_approved, $old_status, $comment ); return $result; } /** * Determines whether to defer comment counting. * * When setting $defer to true, all post comment counts will not be updated * until $defer is set to false. When $defer is set to false, then all * previously deferred updated post comment counts will then be automatically * updated without having to call wp_update_comment_count() after. * * @since 2.5.0 * * @param bool $defer * @return bool */ function wp_defer_comment_counting( $defer = null ) { static $_defer = false; if ( is_bool( $defer ) ) { $_defer = $defer; // Flush any deferred counts. if ( ! $defer ) { wp_update_comment_count( null, true ); } } return $_defer; } /** * Updates the comment count for post(s). * * When $do_deferred is false (is by default) and the comments have been set to * be deferred, the post_id will be added to a queue, which will be updated at a * later date and only updated once per post ID. * * If the comments have not be set up to be deferred, then the post will be * updated. When $do_deferred is set to true, then all previous deferred post * IDs will be updated along with the current $post_id. * * @since 2.1.0 * * @see wp_update_comment_count_now() For what could cause a false return value * * @param int|null $post_id Post ID. * @param bool $do_deferred Optional. Whether to process previously deferred * post comment counts. Default false. * @return bool|void True on success, false on failure or if post with ID does * not exist. */ function wp_update_comment_count( $post_id, $do_deferred = false ) { static $_deferred = array(); if ( empty( $post_id ) && ! $do_deferred ) { return false; } if ( $do_deferred ) { $_deferred = array_unique( $_deferred ); foreach ( $_deferred as $i => $_post_id ) { wp_update_comment_count_now( $_post_id ); unset( $_deferred[ $i ] ); /** @todo Move this outside of the foreach and reset $_deferred to an array instead */ } } if ( wp_defer_comment_counting() ) { $_deferred[] = $post_id; return true; } elseif ( $post_id ) { return wp_update_comment_count_now( $post_id ); } } /** * Updates the comment count for the post. * * @since 2.5.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $post_id Post ID * @return bool True on success, false if the post does not exist. */ function wp_update_comment_count_now( $post_id ) { global $wpdb; $post_id = (int) $post_id; if ( ! $post_id ) { return false; } wp_cache_delete( 'comments-0', 'counts' ); wp_cache_delete( "comments-{$post_id}", 'counts' ); $post = get_post( $post_id ); if ( ! $post ) { return false; } $old = (int) $post->comment_count; /** * Filters a post's comment count before it is updated in the database. * * @since 4.5.0 * * @param int|null $new The new comment count. Default null. * @param int $old The old comment count. * @param int $post_id Post ID. */ $new = apply_filters( 'pre_wp_update_comment_count_now', null, $old, $post_id ); if ( is_null( $new ) ) { $new = (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' AND comment_type != 'note'", $post_id ) ); } else { $new = (int) $new; } $wpdb->update( $wpdb->posts, array( 'comment_count' => $new ), array( 'ID' => $post_id ) ); clean_post_cache( $post ); /** * Fires immediately after a post's comment count is updated in the database. * * @since 2.3.0 * * @param int $post_id Post ID. * @param int $new The new comment count. * @param int $old The old comment count. */ do_action( 'wp_update_comment_count', $post_id, $new, $old ); /** This action is documented in wp-includes/post.php */ do_action( "edit_post_{$post->post_type}", $post_id, $post ); /** This action is documented in wp-includes/post.php */ do_action( 'edit_post', $post_id, $post ); return true; } // // Ping and trackback functions. // /** * Finds a pingback server URI based on the given URL. * * Checks the HTML for the rel="pingback" link and X-Pingback headers. It does * a check for the X-Pingback headers first and returns that, if available. * The check for the rel="pingback" has more overhead than just the header. * * @since 1.5.0 * * @param string $url URL to ping. * @param string $deprecated Not Used. * @return string|false String containing URI on success, false on failure. */ function discover_pingback_server_uri( $url, $deprecated = '' ) { if ( ! empty( $deprecated ) ) { _deprecated_argument( __FUNCTION__, '2.7.0' ); } $pingback_str_dquote = 'rel="pingback"'; $pingback_str_squote = 'rel=\'pingback\''; /** @todo Should use Filter Extension or custom preg_match instead. */ $parsed_url = parse_url( $url ); if ( ! isset( $parsed_url['host'] ) ) { // Not a URL. This should never happen. return false; } // Do not search for a pingback server on our own uploads. $uploads_dir = wp_get_upload_dir(); if ( str_starts_with( $url, $uploads_dir['baseurl'] ) ) { return false; } $response = wp_safe_remote_head( $url, array( 'timeout' => 2, 'httpversion' => '1.0', ) ); if ( is_wp_error( $response ) ) { return false; } if ( wp_remote_retrieve_header( $response, 'X-Pingback' ) ) { return wp_remote_retrieve_header( $response, 'X-Pingback' ); } // Not an (x)html, sgml, or xml page, no use going further. if ( preg_match( '#(image|audio|video|model)/#is', wp_remote_retrieve_header( $response, 'Content-Type' ) ) ) { return false; } // Now do a GET since we're going to look in the HTML headers (and we're sure it's not a binary file). $response = wp_safe_remote_get( $url, array( 'timeout' => 2, 'httpversion' => '1.0', ) ); if ( is_wp_error( $response ) ) { return false; } $contents = wp_remote_retrieve_body( $response ); $pingback_link_offset_dquote = strpos( $contents, $pingback_str_dquote ); $pingback_link_offset_squote = strpos( $contents, $pingback_str_squote ); if ( $pingback_link_offset_dquote || $pingback_link_offset_squote ) { $quote = ( $pingback_link_offset_dquote ) ? '"' : '\''; $pingback_link_offset = ( '"' === $quote ) ? $pingback_link_offset_dquote : $pingback_link_offset_squote; $pingback_href_pos = strpos( $contents, 'href=', $pingback_link_offset ); $pingback_href_start = $pingback_href_pos + 6; $pingback_href_end = strpos( $contents, $quote, $pingback_href_start ); $pingback_server_url_len = $pingback_href_end - $pingback_href_start; $pingback_server_url = substr( $contents, $pingback_href_start, $pingback_server_url_len ); // We may find rel="pingback" but an incomplete pingback URL. if ( $pingback_server_url_len > 0 ) { // We got it! return $pingback_server_url; } } return false; } /** * Performs all pingbacks, enclosures, trackbacks, and sends to pingback services. * * @since 2.1.0 * @since 5.6.0 Introduced `do_all_pings` action hook for individual services. */ function do_all_pings() { /** * Fires immediately after the `do_pings` event to hook services individually. * * @since 5.6.0 */ do_action( 'do_all_pings' ); } /** * Performs all pingbacks. * * @since 5.6.0 */ function do_all_pingbacks() { $pings = get_posts( array( 'post_type' => get_post_types(), 'suppress_filters' => false, 'nopaging' => true, 'meta_key' => '_pingme', 'fields' => 'ids', ) ); foreach ( $pings as $ping ) { delete_post_meta( $ping, '_pingme' ); pingback( null, $ping ); } } /** * Performs all enclosures. * * @since 5.6.0 */ function do_all_enclosures() { $enclosures = get_posts( array( 'post_type' => get_post_types(), 'suppress_filters' => false, 'nopaging' => true, 'meta_key' => '_encloseme', 'fields' => 'ids', ) ); foreach ( $enclosures as $enclosure ) { delete_post_meta( $enclosure, '_encloseme' ); do_enclose( null, $enclosure ); } } /** * Performs all trackbacks. * * @since 5.6.0 */ function do_all_trackbacks() { $trackbacks = get_posts( array( 'post_type' => get_post_types(), 'suppress_filters' => false, 'nopaging' => true, 'meta_key' => '_trackbackme', 'fields' => 'ids', ) ); foreach ( $trackbacks as $trackback ) { delete_post_meta( $trackback, '_trackbackme' ); do_trackbacks( $trackback ); } } /** * Performs trackbacks. * * @since 1.5.0 * @since 4.7.0 `$post` can be a WP_Post object. * * @global wpdb $wpdb WordPress database abstraction object. * * @param int|WP_Post $post Post ID or object to do trackbacks on. * @return void|false Returns false on failure. */ function do_trackbacks( $post ) { global $wpdb; $post = get_post( $post ); if ( ! $post ) { return false; } $to_ping = get_to_ping( $post ); $pinged = get_pung( $post ); if ( empty( $to_ping ) ) { $wpdb->update( $wpdb->posts, array( 'to_ping' => '' ), array( 'ID' => $post->ID ) ); return; } if ( empty( $post->post_excerpt ) ) { /** This filter is documented in wp-includes/post-template.php */ $excerpt = apply_filters( 'the_content', $post->post_content, $post->ID ); } else { /** This filter is documented in wp-includes/post-template.php */ $excerpt = apply_filters( 'the_excerpt', $post->post_excerpt ); } $excerpt = str_replace( ']]>', ']]>', $excerpt ); $excerpt = wp_html_excerpt( $excerpt, 252, '…' ); /** This filter is documented in wp-includes/post-template.php */ $post_title = apply_filters( 'the_title', $post->post_title, $post->ID ); $post_title = strip_tags( $post_title ); foreach ( (array) $to_ping as $tb_ping ) { $tb_ping = trim( $tb_ping ); if ( ! in_array( $tb_ping, $pinged, true ) ) { trackback( $tb_ping, $post_title, $excerpt, $post->ID ); $pinged[] = $tb_ping; } else { $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $tb_ping, $post->ID ) ); } } } /** * Sends pings to all of the ping site services. * * @since 1.2.0 * * @param int $post_id Post ID. * @return int Same post ID as provided. */ function generic_ping( $post_id = 0 ) { $services = get_option( 'ping_sites' ); $services = explode( "\n", $services ); foreach ( (array) $services as $service ) { $service = trim( $service ); if ( '' !== $service ) { weblog_ping( $service ); } } return $post_id; } /** * Pings back the links found in a post. * * @since 0.71 * @since 4.7.0 `$post` can be a WP_Post object. * @since 6.8.0 Returns an array of pingback statuses indexed by link. * * @param string $content Post content to check for links. If empty will retrieve from post. * @param int|WP_Post $post Post ID or object. * @return array<string, bool> An array of pingback statuses indexed by link. */ function pingback( $content, $post ) { require_once ABSPATH . WPINC . '/class-IXR.php'; require_once ABSPATH . WPINC . '/class-wp-http-ixr-client.php'; // Original code by Mort (http://mort.mine.nu:8080). $post_links = array(); $post = get_post( $post ); if ( ! $post ) { return array(); } $pung = get_pung( $post ); if ( empty( $content ) ) { $content = $post->post_content; } /* * Step 1. * Parsing the post, external links (if any) are stored in the $post_links array. */ $post_links_temp = wp_extract_urls( $content ); $ping_status = array(); /* * Step 2. * Walking through the links array. * First we get rid of links pointing to sites, not to specific files. * Example: * http://dummy-weblog.org * http://dummy-weblog.org/ * http://dummy-weblog.org/post.php * We don't wanna ping first and second types, even if they have a valid <link/>. */ foreach ( (array) $post_links_temp as $link_test ) { // If we haven't pung it already and it isn't a link to itself. if ( ! in_array( $link_test, $pung, true ) && ( url_to_postid( $link_test ) !== $post->ID ) // Also, let's never ping local attachments. && ! is_local_attachment( $link_test ) ) { $test = parse_url( $link_test ); if ( $test ) { if ( isset( $test['query'] ) ) { $post_links[] = $link_test; } elseif ( isset( $test['path'] ) && ( '/' !== $test['path'] ) && ( '' !== $test['path'] ) ) { $post_links[] = $link_test; } } } } $post_links = array_unique( $post_links ); /** * Fires just before pinging back links found in a post. * * @since 2.0.0 * * @param string[] $post_links Array of link URLs to be checked (passed by reference). * @param string[] $pung Array of link URLs already pinged (passed by reference). * @param int $post_id The post ID. */ do_action_ref_array( 'pre_ping', array( &$post_links, &$pung, $post->ID ) ); foreach ( (array) $post_links as $pagelinkedto ) { $pingback_server_url = discover_pingback_server_uri( $pagelinkedto ); if ( $pingback_server_url ) { // Allow an additional 60 seconds for each pingback to complete. if ( function_exists( 'set_time_limit' ) ) { set_time_limit( 60 ); } // Now, the RPC call. $pagelinkedfrom = get_permalink( $post ); // Using a timeout of 3 seconds should be enough to cover slow servers. $client = new WP_HTTP_IXR_Client( $pingback_server_url ); $client->timeout = 3; /** * Filters the user agent sent when pinging-back a URL. * * @since 2.9.0 * * @param string $concat_useragent The user agent concatenated with ' -- WordPress/' * and the WordPress version. * @param string $useragent The useragent. * @param string $pingback_server_url The server URL being linked to. * @param string $pagelinkedto URL of page linked to. * @param string $pagelinkedfrom URL of page linked from. */ $client->useragent = apply_filters( 'pingback_useragent', $client->useragent . ' -- WordPress/' . get_bloginfo( 'version' ), $client->useragent, $pingback_server_url, $pagelinkedto, $pagelinkedfrom ); // When set to true, this outputs debug messages by itself. $client->debug = false; $status = $client->query( 'pingback.ping', $pagelinkedfrom, $pagelinkedto ); if ( $status // Ping registered. || ( isset( $client->error->code ) && 48 === $client->error->code ) // Already registered. ) { add_ping( $post, $pagelinkedto ); } $ping_status[ $pagelinkedto ] = $status; } } return $ping_status; } /** * Checks whether blog is public before returning sites. * * @since 2.1.0 * * @param mixed $sites Will return if blog is public, will not return if not public. * @return mixed Empty string if blog is not public, returns $sites, if site is public. */ function privacy_ping_filter( $sites ) { if ( '0' !== get_option( 'blog_public' ) ) { return $sites; } else { return ''; } } /** * Sends a Trackback. * * Updates database when sending trackback to prevent duplicates. * * @since 0.71 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $trackback_url URL to send trackbacks. * @param string $title Title of post. * @param string $excerpt Excerpt of post. * @param int $post_id Post ID. * @return int|false|void Database query from update. */ function trackback( $trackback_url, $title, $excerpt, $post_id ) { global $wpdb; if ( empty( $trackback_url ) ) { return; } $options = array(); $options['timeout'] = 10; $options['body'] = array( 'title' => $title, 'url' => get_permalink( $post_id ), 'blog_name' => get_option( 'blogname' ), 'excerpt' => $excerpt, ); $response = wp_safe_remote_post( $trackback_url, $options ); if ( is_wp_error( $response ) ) { return; } $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', %s) WHERE ID = %d", $trackback_url, $post_id ) ); return $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $trackback_url, $post_id ) ); } /** * Sends a pingback. * * @since 1.2.0 * * @param string $server Host of blog to connect to. * @param string $path Path to send the ping. */ function weblog_ping( $server = '', $path = '' ) { require_once ABSPATH . WPINC . '/class-IXR.php'; require_once ABSPATH . WPINC . '/class-wp-http-ixr-client.php'; // Using a timeout of 3 seconds should be enough to cover slow servers. $client = new WP_HTTP_IXR_Client( $server, ( ( ! strlen( trim( $path ) ) || ( '/' === $path ) ) ? false : $path ) ); $client->timeout = 3; $client->useragent .= ' -- WordPress/' . get_bloginfo( 'version' ); // When set to true, this outputs debug messages by itself. $client->debug = false; $home = trailingslashit( home_url() ); if ( ! $client->query( 'weblogUpdates.extendedPing', get_option( 'blogname' ), $home, get_bloginfo( 'rss2_url' ) ) ) { // Then try a normal ping. $client->query( 'weblogUpdates.ping', get_option( 'blogname' ), $home ); } } /** * Default filter attached to pingback_ping_source_uri to validate the pingback's Source URI. * * @since 3.5.1 * * @see wp_http_validate_url() * * @param string $source_uri * @return string */ function pingback_ping_source_uri( $source_uri ) { return (string) wp_http_validate_url( $source_uri ); } /** * Default filter attached to xmlrpc_pingback_error. * * Returns a generic pingback error code unless the error code is 48, * which reports that the pingback is already registered. * * @since 3.5.1 * * @link https://www.hixie.ch/specs/pingback/pingback#TOC3 * * @param IXR_Error $ixr_error * @return IXR_Error */ function xmlrpc_pingback_error( $ixr_error ) { if ( 48 === $ixr_error->code ) { return $ixr_error; } return new IXR_Error( 0, '' ); } // // Cache. // /** * Removes a comment from the object cache. * * @since 2.3.0 * * @param int|array $ids Comment ID or an array of comment IDs to remove from cache. */ function clean_comment_cache( $ids ) { $comment_ids = (array) $ids; wp_cache_delete_multiple( $comment_ids, 'comment' ); foreach ( $comment_ids as $id ) { /** * Fires immediately after a comment has been removed from the object cache. * * @since 4.5.0 * * @param int $id Comment ID. */ do_action( 'clean_comment_cache', $id ); } wp_cache_set_comments_last_changed(); } /** * Updates the comment cache of given comments. * * Will add the comments in $comments to the cache. If comment ID already exists * in the comment cache then it will not be updated. The comment is added to the * cache using the comment group with the key using the ID of the comments. * * @since 2.3.0 * @since 4.4.0 Introduced the `$update_meta_cache` parameter. * * @param WP_Comment[] $comments Array of comment objects * @param bool $update_meta_cache Whether to update commentmeta cache. Default true. */ function update_comment_cache( $comments, $update_meta_cache = true ) { $data = array(); foreach ( (array) $comments as $comment ) { $data[ $comment->comment_ID ] = $comment; } wp_cache_add_multiple( $data, 'comment' ); if ( $update_meta_cache ) { // Avoid `wp_list_pluck()` in case `$comments` is passed by reference. $comment_ids = array(); foreach ( $comments as $comment ) { $comment_ids[] = $comment->comment_ID; } update_meta_cache( 'comment', $comment_ids ); } } /** * Adds any comments from the given IDs to the cache that do not already exist in cache. * * @since 4.4.0 * @since 6.1.0 This function is no longer marked as "private". * @since 6.3.0 Use wp_lazyload_comment_meta() for lazy-loading of comment meta. * * @see update_comment_cache() * @global wpdb $wpdb WordPress database abstraction object. * * @param int[] $comment_ids Array of comment IDs. * @param bool $update_meta_cache Optional. Whether to update the meta cache. Default true. */ function _prime_comment_caches( $comment_ids, $update_meta_cache = true ) { global $wpdb; $non_cached_ids = _get_non_cached_ids( $comment_ids, 'comment' ); if ( ! empty( $non_cached_ids ) ) { $fresh_comments = $wpdb->get_results( sprintf( "SELECT $wpdb->comments.* FROM $wpdb->comments WHERE comment_ID IN (%s)", implode( ',', array_map( 'intval', $non_cached_ids ) ) ) ); update_comment_cache( $fresh_comments, false ); } if ( $update_meta_cache ) { wp_lazyload_comment_meta( $comment_ids ); } } // // Internal. // /** * Closes comments on old posts on the fly, without any extra DB queries. Hooked to the_posts. * * @since 2.7.0 * @access private * * @param WP_Post[] $posts Array of post objects. * @param WP_Query $query Query object. * @return WP_Post[] */ function _close_comments_for_old_posts( $posts, $query ) { if ( empty( $posts ) || ! $query->is_singular() || ! get_option( 'close_comments_for_old_posts' ) ) { return $posts; } /** * Filters the list of post types to automatically close comments for. * * @since 3.2.0 * * @param string[] $post_types An array of post type names. */ $post_types = apply_filters( 'close_comments_for_post_types', array( 'post' ) ); if ( ! in_array( $posts[0]->post_type, $post_types, true ) ) { return $posts; } $days_old = (int) get_option( 'close_comments_days_old' ); if ( ! $days_old ) { return $posts; } if ( time() - strtotime( $posts[0]->post_date_gmt ) > ( $days_old * DAY_IN_SECONDS ) ) { $posts[0]->comment_status = 'closed'; $posts[0]->ping_status = 'closed'; } return $posts; } /** * Closes comments on an old post. Hooked to comments_open and pings_open. * * @since 2.7.0 * @access private * * @param bool $open Comments open or closed. * @param int $post_id Post ID. * @return bool $open */ function _close_comments_for_old_post( $open, $post_id ) { if ( ! $open ) { return $open; } if ( ! get_option( 'close_comments_for_old_posts' ) ) { return $open; } $days_old = (int) get_option( 'close_comments_days_old' ); if ( ! $days_old ) { return $open; } $post = get_post( $post_id ); /** This filter is documented in wp-includes/comment.php */ $post_types = apply_filters( 'close_comments_for_post_types', array( 'post' ) ); if ( ! in_array( $post->post_type, $post_types, true ) ) { return $open; } // Undated drafts should not show up as comments closed. if ( '0000-00-00 00:00:00' === $post->post_date_gmt ) { return $open; } if ( time() - strtotime( $post->post_date_gmt ) > ( $days_old * DAY_IN_SECONDS ) ) { return false; } return $open; } /** * Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form. * * This function expects unslashed data, as opposed to functions such as `wp_new_comment()` which * expect slashed data. * * @since 4.4.0 * * @param array $comment_data { * Comment data. * * @type string|int $comment_post_ID The ID of the post that relates to the comment. * @type string $author The name of the comment author. * @type string $email The comment author email address. * @type string $url The comment author URL. * @type string $comment The content of the comment. * @type string|int $comment_parent The ID of this comment's parent, if any. Default 0. * @type string $_wp_unfiltered_html_comment The nonce value for allowing unfiltered HTML. * } * @return WP_Comment|WP_Error A WP_Comment object on success, a WP_Error object on failure. */ function wp_handle_comment_submission( $comment_data ) { $comment_post_id = 0; $comment_author = ''; $comment_author_email = ''; $comment_author_url = ''; $comment_content = ''; $comment_parent = 0; $user_id = 0; if ( isset( $comment_data['comment_post_ID'] ) ) { $comment_post_id = (int) $comment_data['comment_post_ID']; } if ( isset( $comment_data['author'] ) && is_string( $comment_data['author'] ) ) { $comment_author = trim( strip_tags( $comment_data['author'] ) ); } if ( isset( $comment_data['email'] ) && is_string( $comment_data['email'] ) ) { $comment_author_email = trim( $comment_data['email'] ); } if ( isset( $comment_data['url'] ) && is_string( $comment_data['url'] ) ) { $comment_author_url = trim( $comment_data['url'] ); } if ( isset( $comment_data['comment'] ) && is_string( $comment_data['comment'] ) ) { $comment_content = trim( $comment_data['comment'] ); } if ( isset( $comment_data['comment_parent'] ) ) { $comment_parent = absint( $comment_data['comment_parent'] ); $comment_parent_object = get_comment( $comment_parent ); if ( 0 !== $comment_parent && ( ! $comment_parent_object instanceof WP_Comment || 0 === (int) $comment_parent_object->comment_approved ) ) { /** * Fires when a comment reply is attempted to an unapproved comment. * * @since 6.2.0 * * @param int $comment_post_id Post ID. * @param int $comment_parent Parent comment ID. */ do_action( 'comment_reply_to_unapproved_comment', $comment_post_id, $comment_parent ); return new WP_Error( 'comment_reply_to_unapproved_comment', __( 'Sorry, replies to unapproved comments are not allowed.' ), 403 ); } } $post = get_post( $comment_post_id ); if ( empty( $post->comment_status ) ) { /** * Fires when a comment is attempted on a post that does not exist. * * @since 1.5.0 * * @param int $comment_post_id Post ID. */ do_action( 'comment_id_not_found', $comment_post_id ); return new WP_Error( 'comment_id_not_found' ); } // get_post_status() will get the parent status for attachments. $status = get_post_status( $post ); if ( ( 'private' === $status ) && ! current_user_can( 'read_post', $comment_post_id ) ) { return new WP_Error( 'comment_id_not_found' ); } $status_obj = get_post_status_object( $status ); if ( ! comments_open( $comment_post_id ) ) { /** * Fires when a comment is attempted on a post that has comments closed. * * @since 1.5.0 * * @param int $comment_post_id Post ID. */ do_action( 'comment_closed', $comment_post_id ); return new WP_Error( 'comment_closed', __( 'Sorry, comments are closed for this item.' ), 403 ); } elseif ( 'trash' === $status ) { /** * Fires when a comment is attempted on a trashed post. * * @since 2.9.0 * * @param int $comment_post_id Post ID. */ do_action( 'comment_on_trash', $comment_post_id ); return new WP_Error( 'comment_on_trash' ); } elseif ( ! $status_obj->public && ! $status_obj->private ) { /** * Fires when a comment is attempted on a post in draft mode. * * @since 1.5.1 * * @param int $comment_post_id Post ID. */ do_action( 'comment_on_draft', $comment_post_id ); if ( current_user_can( 'read_post', $comment_post_id ) ) { return new WP_Error( 'comment_on_draft', __( 'Sorry, comments are not allowed for this item.' ), 403 ); } else { return new WP_Error( 'comment_on_draft' ); } } elseif ( post_password_required( $comment_post_id ) ) { /** * Fires when a comment is attempted on a password-protected post. * * @since 2.9.0 * * @param int $comment_post_id Post ID. */ do_action( 'comment_on_password_protected', $comment_post_id ); return new WP_Error( 'comment_on_password_protected' ); } else { /** * Fires before a comment is posted. * * @since 2.8.0 * * @param int $comment_post_id Post ID. */ do_action( 'pre_comment_on_post', $comment_post_id ); } // If the user is logged in. $user = wp_get_current_user(); if ( $user->exists() ) { if ( empty( $user->display_name ) ) { $user->display_name = $user->user_login; } $comment_author = $user->display_name; $comment_author_email = $user->user_email; $comment_author_url = $user->user_url; $user_id = $user->ID; if ( current_user_can( 'unfiltered_html' ) ) { if ( ! isset( $comment_data['_wp_unfiltered_html_comment'] ) || ! wp_verify_nonce( $comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_id ) ) { kses_remove_filters(); // Start with a clean slate. kses_init_filters(); // Set up the filters. remove_filter( 'pre_comment_content', 'wp_filter_post_kses' ); add_filter( 'pre_comment_content', 'wp_filter_kses' ); } } } else { if ( get_option( 'comment_registration' ) ) { return new WP_Error( 'not_logged_in', __( 'Sorry, you must be logged in to comment.' ), 403 ); } } $comment_type = 'comment'; if ( get_option( 'require_name_email' ) && ! $user->exists() ) { if ( '' === $comment_author_email || '' === $comment_author ) { return new WP_Error( 'require_name_email', __( '<strong>Error:</strong> Please fill the required fields.' ), 200 ); } elseif ( ! is_email( $comment_author_email ) ) { return new WP_Error( 'require_valid_email', __( '<strong>Error:</strong> Please enter a valid email address.' ), 200 ); } } $commentdata = array( 'comment_post_ID' => $comment_post_id, ); $commentdata += compact( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_id' ); /** * Filters whether an empty comment should be allowed. * * @since 5.1.0 * * @param bool $allow_empty_comment Whether to allow empty comments. Default false. * @param array $commentdata Array of comment data to be sent to wp_insert_comment(). */ $allow_empty_comment = apply_filters( 'allow_empty_comment', false, $commentdata ); if ( '' === $comment_content && ! $allow_empty_comment ) { return new WP_Error( 'require_valid_comment', __( '<strong>Error:</strong> Please type your comment text.' ), 200 ); } $check_max_lengths = wp_check_comment_data_max_lengths( $commentdata ); if ( is_wp_error( $check_max_lengths ) ) { return $check_max_lengths; } $comment_id = wp_new_comment( wp_slash( $commentdata ), true ); if ( is_wp_error( $comment_id ) ) { return $comment_id; } if ( ! $comment_id ) { return new WP_Error( 'comment_save_error', __( '<strong>Error:</strong> The comment could not be saved. Please try again later.' ), 500 ); } return get_comment( $comment_id ); } /** * Registers the personal data exporter for comments. * * @since 4.9.6 * * @param array[] $exporters An array of personal data exporters. * @return array[] An array of personal data exporters. */ function wp_register_comment_personal_data_exporter( $exporters ) { $exporters['wordpress-comments'] = array( 'exporter_friendly_name' => __( 'WordPress Comments' ), 'callback' => 'wp_comments_personal_data_exporter', ); return $exporters; } /** * Finds and exports personal data associated with an email address from the comments table. * * @since 4.9.6 * * @param string $email_address The comment author email address. * @param int $page Comment page number. * @return array { * An array of personal data. * * @type array[] $data An array of personal data arrays. * @type bool $done Whether the exporter is finished. * } */ function wp_comments_personal_data_exporter( $email_address, $page = 1 ) { // Limit us to 500 comments at a time to avoid timing out. $number = 500; $page = (int) $page; $data_to_export = array(); $comments = get_comments( array( 'author_email' => $email_address, 'number' => $number, 'paged' => $page, 'orderby' => 'comment_ID', 'order' => 'ASC', 'update_comment_meta_cache' => false, ) ); $comment_prop_to_export = array( 'comment_author' => __( 'Comment Author' ), 'comment_author_email' => __( 'Comment Author Email' ), 'comment_author_url' => __( 'Comment Author URL' ), 'comment_author_IP' => __( 'Comment Author IP' ), 'comment_agent' => __( 'Comment Author User Agent' ), 'comment_date' => __( 'Comment Date' ), 'comment_content' => __( 'Comment Content' ), 'comment_link' => __( 'Comment URL' ), ); foreach ( (array) $comments as $comment ) { $comment_data_to_export = array(); foreach ( $comment_prop_to_export as $key => $name ) { $value = ''; switch ( $key ) { case 'comment_author': case 'comment_author_email': case 'comment_author_url': case 'comment_author_IP': case 'comment_agent': case 'comment_date': $value = $comment->{$key}; break; case 'comment_content': $value = get_comment_text( $comment->comment_ID ); break; case 'comment_link': $value = get_comment_link( $comment->comment_ID ); $value = sprintf( '<a href="%s" target="_blank">%s</a>', esc_url( $value ), esc_html( $value ) ); break; } if ( ! empty( $value ) ) { $comment_data_to_export[] = array( 'name' => $name, 'value' => $value, ); } } $data_to_export[] = array( 'group_id' => 'comments', 'group_label' => __( 'Comments' ), 'group_description' => __( 'User’s comment data.' ), 'item_id' => "comment-{$comment->comment_ID}", 'data' => $comment_data_to_export, ); } $done = count( $comments ) < $number; return array( 'data' => $data_to_export, 'done' => $done, ); } /** * Registers the personal data eraser for comments. * * @since 4.9.6 * * @param array $erasers An array of personal data erasers. * @return array An array of personal data erasers. */ function wp_register_comment_personal_data_eraser( $erasers ) { $erasers['wordpress-comments'] = array( 'eraser_friendly_name' => __( 'WordPress Comments' ), 'callback' => 'wp_comments_personal_data_eraser', ); return $erasers; } /** * Erases personal data associated with an email address from the comments table. * * @since 4.9.6 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $email_address The comment author email address. * @param int $page Comment page number. * @return array { * Data removal results. * * @type bool $items_removed Whether items were actually removed. * @type bool $items_retained Whether items were retained. * @type string[] $messages An array of messages to add to the personal data export file. * @type bool $done Whether the eraser is finished. * } */ function wp_comments_personal_data_eraser( $email_address, $page = 1 ) { global $wpdb; if ( empty( $email_address ) ) { return array( 'items_removed' => false, 'items_retained' => false, 'messages' => array(), 'done' => true, ); } // Limit us to 500 comments at a time to avoid timing out. $number = 500; $page = (int) $page; $items_removed = false; $items_retained = false; $comments = get_comments( array( 'author_email' => $email_address, 'number' => $number, 'paged' => $page, 'orderby' => 'comment_ID', 'order' => 'ASC', 'include_unapproved' => true, ) ); /* translators: Name of a comment's author after being anonymized. */ $anon_author = __( 'Anonymous' ); $messages = array(); foreach ( (array) $comments as $comment ) { $anonymized_comment = array(); $anonymized_comment['comment_agent'] = ''; $anonymized_comment['comment_author'] = $anon_author; $anonymized_comment['comment_author_email'] = ''; $anonymized_comment['comment_author_IP'] = wp_privacy_anonymize_data( 'ip', $comment->comment_author_IP ); $anonymized_comment['comment_author_url'] = ''; $anonymized_comment['user_id'] = 0; $comment_id = (int) $comment->comment_ID; /** * Filters whether to anonymize the comment. * * @since 4.9.6 * * @param bool|string $anon_message Whether to apply the comment anonymization (bool) or a custom * message (string). Default true. * @param WP_Comment $comment WP_Comment object. * @param array $anonymized_comment Anonymized comment data. */ $anon_message = apply_filters( 'wp_anonymize_comment', true, $comment, $anonymized_comment ); if ( true !== $anon_message ) { if ( $anon_message && is_string( $anon_message ) ) { $messages[] = esc_html( $anon_message ); } else { /* translators: %d: Comment ID. */ $messages[] = sprintf( __( 'Comment %d contains personal data but could not be anonymized.' ), $comment_id ); } $items_retained = true; continue; } $args = array( 'comment_ID' => $comment_id, ); $updated = $wpdb->update( $wpdb->comments, $anonymized_comment, $args ); if ( $updated ) { $items_removed = true; clean_comment_cache( $comment_id ); } else { $items_retained = true; } } $done = count( $comments ) < $number; return array( 'items_removed' => $items_removed, 'items_retained' => $items_retained, 'messages' => $messages, 'done' => $done, ); } /** * Sets the last changed time for the 'comment' cache group. * * @since 5.0.0 */ function wp_cache_set_comments_last_changed() { wp_cache_set_last_changed( 'comment' ); } /** * Updates the comment type for a batch of comments. * * @since 5.5.0 * * @global wpdb $wpdb WordPress database abstraction object. */ function _wp_batch_update_comment_type() { global $wpdb; $lock_name = 'update_comment_type.lock'; // Try to lock. $lock_result = $wpdb->query( $wpdb->prepare( "INSERT IGNORE INTO `$wpdb->options` ( `option_name`, `option_value`, `autoload` ) VALUES (%s, %s, 'no') /* LOCK */", $lock_name, time() ) ); if ( ! $lock_result ) { $lock_result = get_option( $lock_name ); // Bail if we were unable to create a lock, or if the existing lock is still valid. if ( ! $lock_result || ( $lock_result > ( time() - HOUR_IN_SECONDS ) ) ) { wp_schedule_single_event( time() + ( 5 * MINUTE_IN_SECONDS ), 'wp_update_comment_type_batch' ); return; } } // Update the lock, as by this point we've definitely got a lock, just need to fire the actions. update_option( $lock_name, time() ); // Check if there's still an empty comment type. $empty_comment_type = $wpdb->get_var( "SELECT comment_ID FROM $wpdb->comments WHERE comment_type = '' LIMIT 1" ); // No empty comment type, we're done here. if ( ! $empty_comment_type ) { update_option( 'finished_updating_comment_type', true ); delete_option( $lock_name ); return; } // Empty comment type found? We'll need to run this script again. wp_schedule_single_event( time() + ( 2 * MINUTE_IN_SECONDS ), 'wp_update_comment_type_batch' ); /** * Filters the comment batch size for updating the comment type. * * @since 5.5.0 * * @param int $comment_batch_size The comment batch size. Default 100. */ $comment_batch_size = (int) apply_filters( 'wp_update_comment_type_batch_size', 100 ); // Get the IDs of the comments to update. $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_type = '' ORDER BY comment_ID DESC LIMIT %d", $comment_batch_size ) ); if ( $comment_ids ) { $comment_id_list = implode( ',', $comment_ids ); // Update the `comment_type` field value to be `comment` for the next batch of comments. $wpdb->query( "UPDATE {$wpdb->comments} SET comment_type = 'comment' WHERE comment_type = '' AND comment_ID IN ({$comment_id_list})" // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared ); // Make sure to clean the comment cache. clean_comment_cache( $comment_ids ); } delete_option( $lock_name ); } /** * In order to avoid the _wp_batch_update_comment_type() job being accidentally removed, * check that it's still scheduled while we haven't finished updating comment types. * * @ignore * @since 5.5.0 */ function _wp_check_for_scheduled_update_comment_type() { if ( ! get_option( 'finished_updating_comment_type' ) && ! wp_next_scheduled( 'wp_update_comment_type_batch' ) ) { wp_schedule_single_event( time() + MINUTE_IN_SECONDS, 'wp_update_comment_type_batch' ); } } /** * Register initial note status meta. * * @since 6.9.0 */ function wp_create_initial_comment_meta() { register_meta( 'comment', '_wp_note_status', array( 'type' => 'string', 'description' => __( 'Note resolution status' ), 'single' => true, 'show_in_rest' => array( 'schema' => array( 'type' => 'string', 'enum' => array( 'resolved', 'reopen' ), ), ), 'auth_callback' => function ( $allowed, $meta_key, $object_id ) { return current_user_can( 'edit_comment', $object_id ); }, ) ); } class-wp-script-modules.php 0000666 00000100225 15224716631 0011771 0 ustar 00 <?php /** * Script Modules API: WP_Script_Modules class. * * Native support for ES Modules and Import Maps. * * @package WordPress * @subpackage Script Modules */ /** * Core class used to register script modules. * * @since 6.5.0 */ class WP_Script_Modules { /** * Holds the registered script modules, keyed by script module identifier. * * @since 6.5.0 * @var array<string, array<string, mixed>> */ private $registered = array(); /** * An array of IDs for queued script modules. * * @since 6.9.0 * @var string[] */ private $queue = array(); /** * Holds the script module identifiers that have been printed. * * @since 6.9.0 * @var string[] */ private $done = array(); /** * Tracks whether the @wordpress/a11y script module is available. * * Some additional HTML is required on the page for the module to work. Track * whether it's available to print at the appropriate time. * * @since 6.7.0 * @var bool */ private $a11y_available = false; /** * Holds a mapping of dependents (as IDs) for a given script ID. * Used to optimize recursive dependency tree checks. * * @since 6.9.0 * @var array<string, string[]> */ private $dependents_map = array(); /** * Holds the valid values for fetchpriority. * * @since 6.9.0 * @var string[] */ private $priorities = array( 'low', 'auto', 'high', ); /** * List of IDs for script modules encountered which have missing dependencies. * * An ID is added to this list when it is discovered to have missing dependencies. At this time, a warning is * emitted with {@see _doing_it_wrong()}. The ID is then added to this list, so that duplicate warnings don't occur. * * @since 6.9.1 * @var string[] */ private $modules_with_missing_dependencies = array(); /** * Registers the script module if no script module with that script module * identifier has already been registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ public function register( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) { if ( '' === $id ) { _doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' ); return; } if ( ! isset( $this->registered[ $id ] ) ) { $dependencies = array(); foreach ( $deps as $dependency ) { if ( is_array( $dependency ) ) { if ( ! isset( $dependency['id'] ) || ! is_string( $dependency['id'] ) ) { _doing_it_wrong( __METHOD__, __( 'Missing required id key in entry among dependencies array.' ), '6.5.0' ); continue; } $dependencies[] = array( 'id' => $dependency['id'], 'import' => isset( $dependency['import'] ) && 'dynamic' === $dependency['import'] ? 'dynamic' : 'static', ); } elseif ( is_string( $dependency ) ) { $dependencies[] = array( 'id' => $dependency, 'import' => 'static', ); } else { _doing_it_wrong( __METHOD__, __( 'Entries in dependencies array must be either strings or arrays with an id key.' ), '6.5.0' ); } } $in_footer = isset( $args['in_footer'] ) && (bool) $args['in_footer']; $fetchpriority = 'auto'; if ( isset( $args['fetchpriority'] ) ) { if ( $this->is_valid_fetchpriority( $args['fetchpriority'] ) ) { $fetchpriority = $args['fetchpriority']; } else { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $fetchpriority, 2: $id */ __( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ), is_string( $args['fetchpriority'] ) ? $args['fetchpriority'] : gettype( $args['fetchpriority'] ), $id ), '6.9.0' ); } } $this->registered[ $id ] = array( 'src' => $src, 'version' => $version, 'dependencies' => $dependencies, 'in_footer' => $in_footer, 'fetchpriority' => $fetchpriority, ); } } /** * Gets IDs for queued script modules. * * @since 6.9.0 * * @return string[] Script module IDs. */ public function get_queue(): array { return $this->queue; } /** * Checks if the provided fetchpriority is valid. * * @since 6.9.0 * * @param string|mixed $priority Fetch priority. * @return bool Whether valid fetchpriority. */ private function is_valid_fetchpriority( $priority ): bool { return in_array( $priority, $this->priorities, true ); } /** * Sets the fetch priority for a script module. * * @since 6.9.0 * * @param string $id Script module identifier. * @param 'auto'|'low'|'high' $priority Fetch priority for the script module. * @return bool Whether setting the fetchpriority was successful. */ public function set_fetchpriority( string $id, string $priority ): bool { if ( ! isset( $this->registered[ $id ] ) ) { return false; } if ( '' === $priority ) { $priority = 'auto'; } if ( ! $this->is_valid_fetchpriority( $priority ) ) { _doing_it_wrong( __METHOD__, /* translators: %s: Invalid fetchpriority. */ sprintf( __( 'Invalid fetchpriority: %s' ), $priority ), '6.9.0' ); return false; } $this->registered[ $id ]['fetchpriority'] = $priority; return true; } /** * Sets whether a script module should be printed in the footer. * * This is only relevant in block themes. * * @since 6.9.0 * * @param string $id Script module identifier. * @param bool $in_footer Whether to print in the footer. * @return bool Whether setting the printing location was successful. */ public function set_in_footer( string $id, bool $in_footer ): bool { if ( ! isset( $this->registered[ $id ] ) ) { return false; } $this->registered[ $id ]['in_footer'] = $in_footer; return true; } /** * Marks the script module to be enqueued in the page. * * If a src is provided and the script module has not been registered yet, it * will be registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ public function enqueue( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) { if ( '' === $id ) { _doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' ); return; } if ( ! in_array( $id, $this->queue, true ) ) { $this->queue[] = $id; } if ( ! isset( $this->registered[ $id ] ) && $src ) { $this->register( $id, $src, $deps, $version, $args ); } } /** * Unmarks the script module so it will no longer be enqueued in the page. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ public function dequeue( string $id ) { $this->queue = array_values( array_diff( $this->queue, array( $id ) ) ); } /** * Removes a registered script module. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ public function deregister( string $id ) { $this->dequeue( $id ); unset( $this->registered[ $id ] ); } /** * Adds the hooks to print the import map, enqueued script modules and script * module preloads. * * In classic themes, the script modules used by the blocks are not yet known * when the `wp_head` actions is fired, so it needs to print everything in the * footer. * * @since 6.5.0 */ public function add_hooks() { $is_block_theme = wp_is_block_theme(); $position = $is_block_theme ? 'wp_head' : 'wp_footer'; add_action( $position, array( $this, 'print_import_map' ) ); if ( $is_block_theme ) { /* * Modules can only be printed in the head for block themes because only with * block themes will import map be fully populated by modules discovered by * rendering the block template. In classic themes, modules are enqueued during * template rendering, thus the import map must be printed in the footer, * followed by all enqueued modules. */ add_action( 'wp_head', array( $this, 'print_head_enqueued_script_modules' ) ); } add_action( 'wp_footer', array( $this, 'print_enqueued_script_modules' ) ); add_action( $position, array( $this, 'print_script_module_preloads' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_import_map' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_enqueued_script_modules' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_preloads' ) ); add_action( 'wp_footer', array( $this, 'print_script_module_data' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_data' ) ); add_action( 'wp_footer', array( $this, 'print_a11y_script_module_html' ), 20 ); add_action( 'admin_print_footer_scripts', array( $this, 'print_a11y_script_module_html' ), 20 ); } /** * Gets the highest fetch priority for the provided script IDs. * * @since 6.9.0 * * @param string[] $ids Script module IDs. * @return 'auto'|'low'|'high' Highest fetch priority for the provided script module IDs. */ private function get_highest_fetchpriority( array $ids ): string { static $high_priority_index = null; if ( null === $high_priority_index ) { $high_priority_index = count( $this->priorities ) - 1; } $highest_priority_index = 0; foreach ( $ids as $id ) { if ( isset( $this->registered[ $id ] ) ) { $highest_priority_index = (int) max( $highest_priority_index, (int) array_search( $this->registered[ $id ]['fetchpriority'], $this->priorities, true ) ); if ( $high_priority_index === $highest_priority_index ) { break; } } } return $this->priorities[ $highest_priority_index ]; } /** * Prints the enqueued script modules in head. * * This is only used in block themes. * * @since 6.9.0 */ public function print_head_enqueued_script_modules() { foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) { if ( isset( $this->registered[ $id ] ) && ! $this->registered[ $id ]['in_footer'] ) { // If any dependency is set to be printed in footer, skip printing this module in head. $dependencies = array_keys( $this->get_dependencies( array( $id ) ) ); foreach ( $dependencies as $dependency_id ) { if ( in_array( $dependency_id, $this->queue, true ) && isset( $this->registered[ $dependency_id ] ) && $this->registered[ $dependency_id ]['in_footer'] ) { continue 2; } } $this->print_script_module( $id ); } } } /** * Prints the enqueued script modules in footer. * * @since 6.5.0 */ public function print_enqueued_script_modules() { foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) { $this->print_script_module( $id ); } } /** * Prints the enqueued script module using script tags with type="module" * attributes. * * @since 6.9.0 * * @param string $id The script module identifier. */ private function print_script_module( string $id ) { if ( in_array( $id, $this->done, true ) || ! in_array( $id, $this->queue, true ) ) { return; } $this->done[] = $id; $src = $this->get_src( $id ); if ( '' === $src ) { return; } $attributes = array( 'type' => 'module', 'src' => $src, 'id' => $id . '-js-module', ); $script_module = $this->registered[ $id ]; $queued_dependents = array_intersect( $this->queue, $this->get_recursive_dependents( $id ) ); $fetchpriority = $this->get_highest_fetchpriority( array_merge( array( $id ), $queued_dependents ) ); if ( 'auto' !== $fetchpriority ) { $attributes['fetchpriority'] = $fetchpriority; } if ( $fetchpriority !== $script_module['fetchpriority'] ) { $attributes['data-wp-fetchpriority'] = $script_module['fetchpriority']; } wp_print_script_tag( $attributes ); } /** * Prints the static dependencies of the enqueued script modules using * link tags with rel="modulepreload" attributes. * * If a script module is marked for enqueue, it will not be preloaded. * * @since 6.5.0 */ public function print_script_module_preloads() { $dependency_ids = $this->get_sorted_dependencies( $this->queue, array( 'static' ) ); foreach ( $dependency_ids as $id ) { // Don't preload if it's marked for enqueue. if ( in_array( $id, $this->queue, true ) ) { continue; } $src = $this->get_src( $id ); if ( '' === $src ) { continue; } $enqueued_dependents = array_intersect( $this->get_recursive_dependents( $id ), $this->queue ); $highest_fetchpriority = $this->get_highest_fetchpriority( $enqueued_dependents ); printf( '<link rel="modulepreload" href="%s" id="%s"', esc_url( $src ), esc_attr( $id . '-js-modulepreload' ) ); if ( 'auto' !== $highest_fetchpriority ) { printf( ' fetchpriority="%s"', esc_attr( $highest_fetchpriority ) ); } if ( $highest_fetchpriority !== $this->registered[ $id ]['fetchpriority'] && 'auto' !== $this->registered[ $id ]['fetchpriority'] ) { printf( ' data-wp-fetchpriority="%s"', esc_attr( $this->registered[ $id ]['fetchpriority'] ) ); } echo ">\n"; } } /** * Prints the import map using a script tag with a type="importmap" attribute. * * @since 6.5.0 */ public function print_import_map() { $import_map = $this->get_import_map(); if ( ! empty( $import_map['imports'] ) ) { wp_print_inline_script_tag( (string) wp_json_encode( $import_map, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), array( 'type' => 'importmap', 'id' => 'wp-importmap', ) ); } } /** * Returns the import map array. * * @since 6.5.0 * * @return array Array with an `imports` key mapping to an array of script module identifiers and their respective * URLs, including the version query. */ private function get_import_map(): array { $imports = array(); foreach ( array_keys( $this->get_dependencies( $this->queue ) ) as $id ) { $src = $this->get_src( $id ); if ( '' !== $src ) { $imports[ $id ] = $src; } } return array( 'imports' => $imports ); } /** * Retrieves the list of script modules marked for enqueue. * * Even though this is a private method and is unused in core, there are ecosystem plugins accessing it via the * Reflection API. The ecosystem should rather use {@see self::get_queue()}. * * @since 6.5.0 * * @return array<string, array> Script modules marked for enqueue, keyed by script module identifier. */ private function get_marked_for_enqueue(): array { return wp_array_slice_assoc( $this->registered, $this->queue ); } /** * Retrieves all the dependencies for the given script module identifiers, filtered by import types. * * It will consolidate an array containing a set of unique dependencies based * on the requested import types: 'static', 'dynamic', or both. This method is * recursive and also retrieves dependencies of the dependencies. * * @since 6.5.0 * * @param string[] $ids The identifiers of the script modules for which to gather dependencies. * @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both. * Default is both. * @return array<string, array> List of dependencies, keyed by script module identifier. */ private function get_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array { $all_dependencies = array(); $id_queue = $ids; while ( ! empty( $id_queue ) ) { $id = array_shift( $id_queue ); if ( ! isset( $this->registered[ $id ] ) ) { continue; } foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) { if ( ! isset( $all_dependencies[ $dependency['id'] ] ) && in_array( $dependency['import'], $import_types, true ) && isset( $this->registered[ $dependency['id'] ] ) ) { $all_dependencies[ $dependency['id'] ] = $this->registered[ $dependency['id'] ]; // Add this dependency to the list to get dependencies for. $id_queue[] = $dependency['id']; } } } return $all_dependencies; } /** * Gets all dependents of a script module. * * This is not recursive. * * @since 6.9.0 * * @see WP_Scripts::get_dependents() * * @param string $id The script ID. * @return string[] Script module IDs. */ private function get_dependents( string $id ): array { // Check if dependents map for the handle in question is present. If so, use it. if ( isset( $this->dependents_map[ $id ] ) ) { return $this->dependents_map[ $id ]; } $dependents = array(); // Iterate over all registered scripts, finding dependents of the script passed to this method. foreach ( $this->registered as $registered_id => $args ) { if ( in_array( $id, wp_list_pluck( $args['dependencies'], 'id' ), true ) ) { $dependents[] = $registered_id; } } // Add the module's dependents to the map to ease future lookups. $this->dependents_map[ $id ] = $dependents; return $dependents; } /** * Gets all recursive dependents of a script module. * * @since 6.9.0 * * @see WP_Scripts::get_dependents() * * @param string $id The script ID. * @return string[] Script module IDs. */ private function get_recursive_dependents( string $id ): array { $dependents = array(); $id_queue = array( $id ); $processed = array(); while ( ! empty( $id_queue ) ) { $current_id = array_shift( $id_queue ); // Skip unregistered or already-processed script modules. if ( ! isset( $this->registered[ $current_id ] ) || isset( $processed[ $current_id ] ) ) { continue; } // Mark as processed to guard against infinite loops from circular dependencies. $processed[ $current_id ] = true; // Find the direct dependents of the current script. foreach ( $this->get_dependents( $current_id ) as $dependent_id ) { // Only add the dependent if we haven't found it before. if ( ! isset( $dependents[ $dependent_id ] ) ) { $dependents[ $dependent_id ] = true; // Add dependency to the queue. $id_queue[] = $dependent_id; } } } return array_keys( $dependents ); } /** * Sorts the given script module identifiers based on their dependencies. * * It will return a list of script module identifiers sorted in the order * they should be printed, so that dependencies are printed before the script * modules that depend on them. * * @since 6.9.0 * * @param string[] $ids The identifiers of the script modules to sort. * @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both. * Default is both. * @return string[] Sorted list of script module identifiers. */ private function get_sorted_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array { $sorted = array(); foreach ( $ids as $id ) { $this->sort_item_dependencies( $id, $import_types, $sorted ); } return array_unique( $sorted ); } /** * Recursively sorts the dependencies for a single script module identifier. * * @since 6.9.0 * * @param string $id The identifier of the script module to sort. * @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both. * @param string[] &$sorted The array of sorted identifiers, passed by reference. * @return bool True on success, false on failure (e.g., missing dependency). */ private function sort_item_dependencies( string $id, array $import_types, array &$sorted ): bool { // If already processed, don't do it again. if ( in_array( $id, $sorted, true ) ) { return true; } // If the item doesn't exist, fail. if ( ! isset( $this->registered[ $id ] ) ) { return false; } $dependency_ids = array(); foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) { if ( in_array( $dependency['import'], $import_types, true ) ) { $dependency_ids[] = $dependency['id']; } } // If the item requires dependencies that do not exist, fail. $missing_dependencies = array_diff( $dependency_ids, array_keys( $this->registered ) ); if ( count( $missing_dependencies ) > 0 ) { if ( ! in_array( $id, $this->modules_with_missing_dependencies, true ) ) { _doing_it_wrong( get_class( $this ) . '::register', sprintf( /* translators: 1: Script module ID, 2: List of missing dependency IDs. */ __( 'The script module with the ID "%1$s" was enqueued with dependencies that are not registered: %2$s.' ), $id, implode( wp_get_list_item_separator(), $missing_dependencies ) ), '6.9.1' ); $this->modules_with_missing_dependencies[] = $id; } return false; } // Recursively process dependencies. foreach ( $dependency_ids as $dependency_id ) { if ( ! $this->sort_item_dependencies( $dependency_id, $import_types, $sorted ) ) { // A dependency failed to resolve, so this branch fails. return false; } } // All dependencies are sorted, so we can now add the current item. $sorted[] = $id; return true; } /** * Gets the versioned URL for a script module src. * * If $version is set to false, the version number is the currently installed * WordPress version. If $version is set to null, no version is added. * Otherwise, the string passed in $version is used. * * @since 6.5.0 * * @param string $id The script module identifier. * @return string The script module src with a version if relevant. */ private function get_src( string $id ): string { if ( ! isset( $this->registered[ $id ] ) ) { return ''; } $script_module = $this->registered[ $id ]; $src = $script_module['src']; if ( '' !== $src ) { if ( false === $script_module['version'] ) { $src = add_query_arg( 'ver', get_bloginfo( 'version' ), $src ); } elseif ( null !== $script_module['version'] ) { $src = add_query_arg( 'ver', $script_module['version'], $src ); } } /** * Filters the script module source. * * @since 6.5.0 * * @param string $src Module source URL. * @param string $id Module identifier. */ $src = apply_filters( 'script_module_loader_src', $src, $id ); if ( ! is_string( $src ) ) { $src = ''; } return $src; } /** * Print data associated with Script Modules. * * The data will be embedded in the page HTML and can be read by Script Modules on page load. * * @since 6.7.0 * * Data can be associated with a Script Module via the * {@see "script_module_data_{$module_id}"} filter. * * The data for a Script Module will be serialized as JSON in a script tag with an ID of the * form `wp-script-module-data-{$module_id}`. */ public function print_script_module_data(): void { $modules = array(); foreach ( array_unique( $this->queue ) as $id ) { if ( '@wordpress/a11y' === $id ) { $this->a11y_available = true; } $modules[ $id ] = true; } foreach ( array_keys( $this->get_import_map()['imports'] ) as $id ) { if ( '@wordpress/a11y' === $id ) { $this->a11y_available = true; } $modules[ $id ] = true; } foreach ( array_keys( $modules ) as $module_id ) { /** * Filters data associated with a given Script Module. * * Script Modules may require data that is required for initialization or is essential * to have immediately available on page load. These are suitable use cases for * this data. * * The dynamic portion of the hook name, `$module_id`, refers to the Script Module ID * that the data is associated with. * * This is best suited to pass essential data that must be available to the module for * initialization or immediately on page load. It does not replace the REST API or * fetching data from the client. * * Example: * * add_filter( * 'script_module_data_MyScriptModuleID', * function ( array $data ): array { * $data['dataForClient'] = 'ok'; * return $data; * } * ); * * If the filter returns no data (an empty array), nothing will be embedded in the page. * * The data for a given Script Module, if provided, will be JSON serialized in a script * tag with an ID of the form `wp-script-module-data-{$module_id}`. * * The data can be read on the client with a pattern like this: * * Example: * * const dataContainer = document.getElementById( 'wp-script-module-data-MyScriptModuleID' ); * let data = {}; * if ( dataContainer ) { * try { * data = JSON.parse( dataContainer.textContent ); * } catch {} * } * // data.dataForClient === 'ok'; * initMyScriptModuleWithData( data ); * * @since 6.7.0 * * @param array $data The data associated with the Script Module. */ $data = apply_filters( "script_module_data_{$module_id}", array() ); if ( is_array( $data ) && array() !== $data ) { /* * This data will be printed as JSON inside a script tag like this: * <script type="application/json"></script> * * A script tag must be closed by a sequence beginning with `</`. It's impossible to * close a script tag without using `<`. We ensure that `<` is escaped and `/` can * remain unescaped, so `</script>` will be printed as `\u003C/script\u00E3`. * * - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E. * - JSON_UNESCAPED_SLASHES: Don't escape /. * * If the page will use UTF-8 encoding, it's safe to print unescaped unicode: * * - JSON_UNESCAPED_UNICODE: Encode multibyte Unicode characters literally (instead of as `\uXXXX`). * - JSON_UNESCAPED_LINE_TERMINATORS: The line terminators are kept unescaped when * JSON_UNESCAPED_UNICODE is supplied. It uses the same behaviour as it was * before PHP 7.1 without this constant. Available as of PHP 7.1.0. * * The JSON specification requires encoding in UTF-8, so if the generated HTML page * is not encoded in UTF-8 then it's not safe to include those literals. They must * be escaped to avoid encoding issues. * * @see https://www.rfc-editor.org/rfc/rfc8259.html for details on encoding requirements. * @see https://www.php.net/manual/en/json.constants.php for details on these constants. * @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing. */ $json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS; if ( ! is_utf8_charset() ) { $json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES; } wp_print_inline_script_tag( (string) wp_json_encode( $data, $json_encode_flags ), array( 'type' => 'application/json', 'id' => "wp-script-module-data-{$module_id}", ) ); } } } /** * @access private This is only intended to be called by the registered actions. * * @since 6.7.0 */ public function print_a11y_script_module_html() { if ( ! $this->a11y_available ) { return; } echo '<div style="position:absolute;margin:-1px;padding:0;height:1px;width:1px;overflow:hidden;clip-path:inset(50%);border:0;word-wrap:normal !important;">' . '<p id="a11y-speak-intro-text" class="a11y-speak-intro-text" hidden>' . esc_html__( 'Notifications' ) . '</p>' . '<div id="a11y-speak-assertive" class="a11y-speak-region" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"></div>' . '<div id="a11y-speak-polite" class="a11y-speak-region" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div>' . '</div>'; } } class-simplepie.php 0000666 00000000705 15224716631 0010364 0 ustar 00 <?php if ( class_exists( 'SimplePie', false ) ) { return; } // Load and register the SimplePie native autoloaders. require ABSPATH . WPINC . '/SimplePie/autoloader.php'; /** * WordPress autoloader for SimplePie. * * @since 3.5.0 * @deprecated 6.7.0 Use `SimplePie_Autoloader` instead. * * @param string $class Class name. */ function wp_simplepie_autoload( $class ) { _deprecated_function( __FUNCTION__, '6.7.0', 'SimplePie_Autoloader' ); } https-detection-20260605034026-20260605102053.php 0000666 00000013341 15224716631 0013346 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605034026-20260605065935.php 0000666 00000013341 15224716631 0013367 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260610150210.php 0000666 00000011205 15224716631 0011767 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260606074127.php 0000666 00000013341 15224716631 0012000 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260606031512.php 0000666 00000013341 15224716631 0011767 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260614090608.php 0000666 00000013341 15224716631 0012001 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260607003752.php 0000666 00000011205 15224716631 0012005 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605082225.php 0000666 00000013341 15224716631 0011775 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605081330.php 0000666 00000013341 15224716631 0011771 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605083004.php 0000666 00000013341 15224716631 0011771 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605080337.php 0000666 00000011205 15224716631 0012007 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260606062230.php 0000666 00000013341 15224716631 0011770 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260606073524.php 0000666 00000011205 15224716631 0012010 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260606140145.php 0000666 00000011205 15224716631 0012002 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260622010845.php 0000666 00000011205 15224716631 0012003 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605170751.php 0000666 00000011205 15224716631 0012007 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605070331.php 0000666 00000011205 15224716631 0012000 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260606053927-20260621213507.php 0000666 00000011205 15224716631 0013377 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260606010046.php 0000666 00000011205 15224716631 0011776 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605094635.php 0000666 00000013341 15224716631 0012005 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605074049.php 0000666 00000013341 15224716631 0012002 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection.php 0000666 00000013341 15224716631 0010410 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } theme-previews.php 0000666 00000005536 15224716631 0010245 0 ustar 00 <?php /** * Theme previews using the Site Editor for block themes. * * @package WordPress */ /** * Filters the blog option to return the path for the previewed theme. * * @since 6.3.0 * * @param string $current_stylesheet The current theme's stylesheet or template path. * @return string The previewed theme's stylesheet or template path. */ function wp_get_theme_preview_path( $current_stylesheet = null ) { if ( ! current_user_can( 'switch_themes' ) ) { return $current_stylesheet; } $preview_stylesheet = ! empty( $_GET['wp_theme_preview'] ) ? sanitize_text_field( wp_unslash( $_GET['wp_theme_preview'] ) ) : null; $wp_theme = wp_get_theme( $preview_stylesheet ); if ( ! is_wp_error( $wp_theme->errors() ) ) { if ( current_filter() === 'template' ) { $theme_path = $wp_theme->get_template(); } else { $theme_path = $wp_theme->get_stylesheet(); } return sanitize_text_field( $theme_path ); } return $current_stylesheet; } /** * Adds a middleware to `apiFetch` to set the theme for the preview. * This adds a `wp_theme_preview` URL parameter to API requests from the Site Editor, so they also respond as if the theme is set to the value of the parameter. * * @since 6.3.0 */ function wp_attach_theme_preview_middleware() { // Don't allow non-admins to preview themes. if ( ! current_user_can( 'switch_themes' ) ) { return; } wp_add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createThemePreviewMiddleware( %s ) );', wp_json_encode( sanitize_text_field( wp_unslash( $_GET['wp_theme_preview'] ) ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Set a JavaScript constant for theme activation. * * Sets the JavaScript global WP_BLOCK_THEME_ACTIVATE_NONCE containing the nonce * required to activate a theme. For use within the site editor. * * @see https://github.com/WordPress/gutenberg/pull/41836 * * @since 6.3.0 * @access private */ function wp_block_theme_activate_nonce() { $nonce_handle = 'switch-theme_' . wp_get_theme_preview_path(); ?> <script type="text/javascript"> window.WP_BLOCK_THEME_ACTIVATE_NONCE = <?php echo wp_json_encode( wp_create_nonce( $nonce_handle ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); ?>; </script> <?php } /** * Add filters and actions to enable Block Theme Previews in the Site Editor. * * The filters and actions should be added after `pluggable.php` is included as they may * trigger code that uses `current_user_can()` which requires functionality from `pluggable.php`. * * @since 6.3.2 */ function wp_initialize_theme_preview_hooks() { if ( ! empty( $_GET['wp_theme_preview'] ) ) { add_filter( 'stylesheet', 'wp_get_theme_preview_path' ); add_filter( 'template', 'wp_get_theme_preview_path' ); add_action( 'init', 'wp_attach_theme_preview_middleware' ); add_action( 'admin_head', 'wp_block_theme_activate_nonce' ); } } https-detection-20260622152601.php 0000666 00000013341 15224716631 0011770 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260607071034.php 0000666 00000011205 15224716631 0012003 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260606031605.php 0000666 00000011205 15224716631 0012002 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605111908.php 0000666 00000011205 15224716631 0012006 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260610045420.php 0000666 00000011205 15224716631 0011775 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605102002.php 0000666 00000013341 15224716631 0011757 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260606010046-20260622011501.php 0000666 00000011205 15224716631 0013347 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605122500.php 0000666 00000011205 15224716631 0011774 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605090858.php 0000666 00000013341 15224716631 0012010 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260606153446.php 0000666 00000011205 15224716631 0012012 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605234702.php 0000666 00000011205 15224716631 0012004 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260606074155.php 0000666 00000011205 15224716631 0012011 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260615192534.php 0000666 00000011205 15224716631 0012013 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } class-wp-walker.php 0000666 00000032012 15224716631 0010302 0 ustar 00 <?php /** * A class for displaying various tree-like structures. * * Extend the Walker class to use it, see examples below. Child classes * do not need to implement all of the abstract methods in the class. The child * only needs to implement the methods that are needed. * * @since 2.1.0 * * @package WordPress * @abstract */ #[AllowDynamicProperties] class Walker { /** * What the class handles. * * @since 2.1.0 * @var string */ public $tree_type; /** * DB fields to use. * * @since 2.1.0 * @var string[] */ public $db_fields; /** * Max number of pages walked by the paged walker. * * @since 2.7.0 * @var int */ public $max_pages = 1; /** * Whether the current element has children or not. * * To be used in start_el(). * * @since 4.0.0 * @var bool */ public $has_children; /** * Starts the list before the elements are added. * * The $args parameter holds additional values that may be used with the child * class methods. This method is called at the start of the output list. * * @since 2.1.0 * @abstract * * @param string $output Used to append additional content (passed by reference). * @param int $depth Depth of the item. * @param array $args An array of additional arguments. */ public function start_lvl( &$output, $depth = 0, $args = array() ) {} /** * Ends the list of after the elements are added. * * The $args parameter holds additional values that may be used with the child * class methods. This method finishes the list at the end of output of the elements. * * @since 2.1.0 * @abstract * * @param string $output Used to append additional content (passed by reference). * @param int $depth Depth of the item. * @param array $args An array of additional arguments. */ public function end_lvl( &$output, $depth = 0, $args = array() ) {} /** * Starts the element output. * * The $args parameter holds additional values that may be used with the child * class methods. Also includes the element output. * * @since 2.1.0 * @since 5.9.0 Renamed `$object` (a PHP reserved keyword) to `$data_object` for PHP 8 named parameter support. * @abstract * * @param string $output Used to append additional content (passed by reference). * @param object $data_object The data object. * @param int $depth Depth of the item. * @param array $args An array of additional arguments. * @param int $current_object_id Optional. ID of the current item. Default 0. */ public function start_el( &$output, $data_object, $depth = 0, $args = array(), $current_object_id = 0 ) {} /** * Ends the element output, if needed. * * The $args parameter holds additional values that may be used with the child class methods. * * @since 2.1.0 * @since 5.9.0 Renamed `$object` (a PHP reserved keyword) to `$data_object` for PHP 8 named parameter support. * @abstract * * @param string $output Used to append additional content (passed by reference). * @param object $data_object The data object. * @param int $depth Depth of the item. * @param array $args An array of additional arguments. */ public function end_el( &$output, $data_object, $depth = 0, $args = array() ) {} /** * Traverses elements to create list from elements. * * Display one element if the element doesn't have any children otherwise, * display the element and its children. Will only traverse up to the max * depth and no ignore elements under that depth. It is possible to set the * max depth to include all depths, see walk() method. * * This method should not be called directly, use the walk() method instead. * * @since 2.5.0 * * @param object $element Data object. * @param array $children_elements List of elements to continue traversing (passed by reference). * @param int $max_depth Max depth to traverse. * @param int $depth Depth of current element. * @param array $args An array of arguments. * @param string $output Used to append additional content (passed by reference). */ public function display_element( $element, &$children_elements, $max_depth, $depth, $args, &$output ) { if ( ! $element ) { return; } $max_depth = (int) $max_depth; $depth = (int) $depth; $id_field = $this->db_fields['id']; $id = $element->$id_field; // Display this element. $this->has_children = ! empty( $children_elements[ $id ] ); if ( isset( $args[0] ) && is_array( $args[0] ) ) { $args[0]['has_children'] = $this->has_children; // Back-compat. } $this->start_el( $output, $element, $depth, ...array_values( $args ) ); // Descend only when the depth is right and there are children for this element. if ( ( 0 === $max_depth || $max_depth > $depth + 1 ) && isset( $children_elements[ $id ] ) ) { foreach ( $children_elements[ $id ] as $child ) { if ( ! isset( $newlevel ) ) { $newlevel = true; // Start the child delimiter. $this->start_lvl( $output, $depth, ...array_values( $args ) ); } $this->display_element( $child, $children_elements, $max_depth, $depth + 1, $args, $output ); } unset( $children_elements[ $id ] ); } if ( isset( $newlevel ) && $newlevel ) { // End the child delimiter. $this->end_lvl( $output, $depth, ...array_values( $args ) ); } // End this element. $this->end_el( $output, $element, $depth, ...array_values( $args ) ); } /** * Displays array of elements hierarchically. * * Does not assume any existing order of elements. * * $max_depth = -1 means flatly display every element. * $max_depth = 0 means display all levels. * $max_depth > 0 specifies the number of display levels. * * @since 2.1.0 * @since 5.3.0 Formalized the existing `...$args` parameter by adding it * to the function signature. * * @param array $elements An array of elements. * @param int $max_depth The maximum hierarchical depth. * @param mixed ...$args Optional additional arguments. * @return string The hierarchical item output. */ public function walk( $elements, $max_depth, ...$args ) { $output = ''; $max_depth = (int) $max_depth; // Invalid parameter or nothing to walk. if ( $max_depth < -1 || empty( $elements ) ) { return $output; } $parent_field = $this->db_fields['parent']; // Flat display. if ( -1 === $max_depth ) { $empty_array = array(); foreach ( $elements as $e ) { $this->display_element( $e, $empty_array, 1, 0, $args, $output ); } return $output; } /* * Need to display in hierarchical order. * Separate elements into two buckets: top level and children elements. * Children_elements is two dimensional array. Example: * Children_elements[10][] contains all sub-elements whose parent is 10. */ $top_level_elements = array(); $children_elements = array(); foreach ( $elements as $e ) { if ( empty( $e->$parent_field ) ) { $top_level_elements[] = $e; } else { $children_elements[ $e->$parent_field ][] = $e; } } /* * When none of the elements is top level. * Assume the first one must be root of the sub elements. */ if ( empty( $top_level_elements ) ) { $first = array_slice( $elements, 0, 1 ); $root = $first[0]; $top_level_elements = array(); $children_elements = array(); foreach ( $elements as $e ) { if ( $root->$parent_field === $e->$parent_field ) { $top_level_elements[] = $e; } else { $children_elements[ $e->$parent_field ][] = $e; } } } foreach ( $top_level_elements as $e ) { $this->display_element( $e, $children_elements, $max_depth, 0, $args, $output ); } /* * If we are displaying all levels, and remaining children_elements is not empty, * then we got orphans, which should be displayed regardless. */ if ( ( 0 === $max_depth ) && count( $children_elements ) > 0 ) { $empty_array = array(); foreach ( $children_elements as $orphans ) { foreach ( $orphans as $op ) { $this->display_element( $op, $empty_array, 1, 0, $args, $output ); } } } return $output; } /** * Produces a page of nested elements. * * Given an array of hierarchical elements, the maximum depth, a specific page number, * and number of elements per page, this function first determines all top level root elements * belonging to that page, then lists them and all of their children in hierarchical order. * * $max_depth = 0 means display all levels. * $max_depth > 0 specifies the number of display levels. * * @since 2.7.0 * @since 5.3.0 Formalized the existing `...$args` parameter by adding it * to the function signature. * * @param array $elements An array of elements. * @param int $max_depth The maximum hierarchical depth. * @param int $page_num The specific page number, beginning with 1. * @param int $per_page Number of elements per page. * @param mixed ...$args Optional additional arguments. * @return string XHTML of the specified page of elements. */ public function paged_walk( $elements, $max_depth, $page_num, $per_page, ...$args ) { $output = ''; $max_depth = (int) $max_depth; if ( empty( $elements ) || $max_depth < -1 ) { return $output; } $parent_field = $this->db_fields['parent']; $count = -1; if ( -1 === $max_depth ) { $total_top = count( $elements ); } if ( $page_num < 1 || $per_page < 0 ) { // No paging. $paging = false; $start = 0; if ( -1 === $max_depth ) { $end = $total_top; } $this->max_pages = 1; } else { $paging = true; $start = ( (int) $page_num - 1 ) * (int) $per_page; $end = $start + $per_page; if ( -1 === $max_depth ) { $this->max_pages = (int) ceil( $total_top / $per_page ); } } // Flat display. if ( -1 === $max_depth ) { if ( ! empty( $args[0]['reverse_top_level'] ) ) { $elements = array_reverse( $elements ); $oldstart = $start; $start = $total_top - $end; $end = $total_top - $oldstart; } $empty_array = array(); foreach ( $elements as $e ) { ++$count; if ( $count < $start ) { continue; } if ( $count >= $end ) { break; } $this->display_element( $e, $empty_array, 1, 0, $args, $output ); } return $output; } /* * Separate elements into two buckets: top level and children elements. * Children_elements is two dimensional array, e.g. * $children_elements[10][] contains all sub-elements whose parent is 10. */ $top_level_elements = array(); $children_elements = array(); foreach ( $elements as $e ) { if ( empty( $e->$parent_field ) ) { $top_level_elements[] = $e; } else { $children_elements[ $e->$parent_field ][] = $e; } } $total_top = count( $top_level_elements ); if ( $paging ) { $this->max_pages = (int) ceil( $total_top / $per_page ); } else { $end = $total_top; } if ( ! empty( $args[0]['reverse_top_level'] ) ) { $top_level_elements = array_reverse( $top_level_elements ); $oldstart = $start; $start = $total_top - $end; $end = $total_top - $oldstart; } if ( ! empty( $args[0]['reverse_children'] ) ) { foreach ( $children_elements as $parent => $children ) { $children_elements[ $parent ] = array_reverse( $children ); } } foreach ( $top_level_elements as $e ) { ++$count; // For the last page, need to unset earlier children in order to keep track of orphans. if ( $end >= $total_top && $count < $start ) { $this->unset_children( $e, $children_elements ); } if ( $count < $start ) { continue; } if ( $count >= $end ) { break; } $this->display_element( $e, $children_elements, $max_depth, 0, $args, $output ); } if ( $end >= $total_top && count( $children_elements ) > 0 ) { $empty_array = array(); foreach ( $children_elements as $orphans ) { foreach ( $orphans as $op ) { $this->display_element( $op, $empty_array, 1, 0, $args, $output ); } } } return $output; } /** * Calculates the total number of root elements. * * @since 2.7.0 * * @param array $elements Elements to list. * @return int Number of root elements. */ public function get_number_of_root_elements( $elements ) { $num = 0; $parent_field = $this->db_fields['parent']; foreach ( $elements as $e ) { if ( empty( $e->$parent_field ) ) { ++$num; } } return $num; } /** * Unsets all the children for a given top level element. * * @since 2.7.0 * * @param object $element The top level element. * @param array $children_elements The children elements. */ public function unset_children( $element, &$children_elements ) { if ( ! $element || ! $children_elements ) { return; } $id_field = $this->db_fields['id']; $id = $element->$id_field; if ( ! empty( $children_elements[ $id ] ) && is_array( $children_elements[ $id ] ) ) { foreach ( (array) $children_elements[ $id ] as $child ) { $this->unset_children( $child, $children_elements ); } } unset( $children_elements[ $id ] ); } } https-migration-20260606153446-20260622011919.php 0000666 00000011205 15224716631 0013400 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605094635-20260621212823.php 0000666 00000013341 15224716631 0013367 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } editor.min.css 0000666 00000001476 15224716631 0007351 0 ustar 00 .block-library-html__edit .block-library-html__preview-overlay{height:100%;left:0;position:absolute;top:0;width:100%}.block-library-html__edit .block-editor-plain-text{background:#fff!important;border:1px solid #1e1e1e!important;border-radius:2px!important;box-shadow:none!important;box-sizing:border-box;color:#1e1e1e!important;display:block;font-family:Menlo,Consolas,monaco,monospace!important;font-size:16px!important;max-height:250px;padding:12px!important}@media (min-width:600px){.block-library-html__edit .block-editor-plain-text{font-size:13px!important}}.block-library-html__edit .block-editor-plain-text:focus{border-color:var(--wp-admin-theme-color)!important;box-shadow:0 0 0 1px var(--wp-admin-theme-color)!important;outline:2px solid #0000!important}.block-library-html__edit .block-editor-plain-text{direction:ltr} class-wp-network.php 0000666 00000030010 15224716631 0010502 0 ustar 00 <?php /** * Network API: WP_Network class * * @package WordPress * @subpackage Multisite * @since 4.4.0 */ /** * Core class used for interacting with a multisite network. * * This class is used during load to populate the `$current_site` global and * setup the current network. * * This class is most useful in WordPress multi-network installations where the * ability to interact with any network of sites is required. * * @since 4.4.0 * * @property int $id * @property int $site_id */ #[AllowDynamicProperties] class WP_Network { /** * Network ID. * * @since 4.4.0 * @since 4.6.0 Converted from public to private to explicitly enable more intuitive * access via magic methods. As part of the access change, the type was * also changed from `string` to `int`. * @var int */ private $id; /** * Domain of the network. * * @since 4.4.0 * @var string */ public $domain = ''; /** * Path of the network. * * @since 4.4.0 * @var string */ public $path = ''; /** * The ID of the network's main site. * * Named "blog" vs. "site" for legacy reasons. A main site is mapped to * the network when the network is created. * * A numeric string, for compatibility reasons. * * @since 4.4.0 * @var string */ private $blog_id = '0'; /** * Domain used to set cookies for this network. * * @since 4.4.0 * @var string */ public $cookie_domain = ''; /** * Name of this network. * * Named "site" vs. "network" for legacy reasons. * * @since 4.4.0 * @var string */ public $site_name = ''; /** * Retrieves a network from the database by its ID. * * @since 4.4.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $network_id The ID of the network to retrieve. * @return WP_Network|false The network's object if found. False if not. */ public static function get_instance( $network_id ) { global $wpdb; $network_id = (int) $network_id; if ( ! $network_id ) { return false; } $_network = wp_cache_get( $network_id, 'networks' ); if ( false === $_network ) { $_network = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->site} WHERE id = %d LIMIT 1", $network_id ) ); if ( empty( $_network ) || is_wp_error( $_network ) ) { $_network = -1; } wp_cache_add( $network_id, $_network, 'networks' ); } if ( is_numeric( $_network ) ) { return false; } return new WP_Network( $_network ); } /** * Creates a new WP_Network object. * * Will populate object properties from the object provided and assign other * default properties based on that information. * * @since 4.4.0 * * @param WP_Network|object $network A network object. */ public function __construct( $network ) { foreach ( get_object_vars( $network ) as $key => $value ) { $this->__set( $key, $value ); } $this->_set_site_name(); $this->_set_cookie_domain(); } /** * Getter. * * Allows current multisite naming conventions when getting properties. * * @since 4.6.0 * * @param string $key Property to get. * @return mixed Value of the property. Null if not available. */ public function __get( $key ) { switch ( $key ) { case 'id': return (int) $this->id; case 'blog_id': return (string) $this->get_main_site_id(); case 'site_id': return $this->get_main_site_id(); } return null; } /** * Isset-er. * * Allows current multisite naming conventions when checking for properties. * * @since 4.6.0 * * @param string $key Property to check if set. * @return bool Whether the property is set. */ public function __isset( $key ) { switch ( $key ) { case 'id': case 'blog_id': case 'site_id': return true; } return false; } /** * Setter. * * Allows current multisite naming conventions while setting properties. * * @since 4.6.0 * * @param string $key Property to set. * @param mixed $value Value to assign to the property. */ public function __set( $key, $value ) { switch ( $key ) { case 'id': $this->id = (int) $value; break; case 'blog_id': case 'site_id': $this->blog_id = (string) $value; break; default: $this->$key = $value; } } /** * Returns the main site ID for the network. * * Internal method used by the magic getter for the 'blog_id' and 'site_id' * properties. * * @since 4.9.0 * * @return int The ID of the main site. */ private function get_main_site_id() { /** * Filters the main site ID. * * Returning a positive integer will effectively short-circuit the function. * * @since 4.9.0 * * @param int|null $main_site_id If a positive integer is returned, it is interpreted as the main site ID. * @param WP_Network $network The network object for which the main site was detected. */ $main_site_id = (int) apply_filters( 'pre_get_main_site_id', null, $this ); if ( 0 < $main_site_id ) { return $main_site_id; } if ( 0 < (int) $this->blog_id ) { return (int) $this->blog_id; } if ( ( defined( 'DOMAIN_CURRENT_SITE' ) && defined( 'PATH_CURRENT_SITE' ) && DOMAIN_CURRENT_SITE === $this->domain && PATH_CURRENT_SITE === $this->path ) || ( defined( 'SITE_ID_CURRENT_SITE' ) && (int) SITE_ID_CURRENT_SITE === $this->id ) ) { if ( defined( 'BLOG_ID_CURRENT_SITE' ) ) { $this->blog_id = (string) BLOG_ID_CURRENT_SITE; return (int) $this->blog_id; } if ( defined( 'BLOGID_CURRENT_SITE' ) ) { // Deprecated. $this->blog_id = (string) BLOGID_CURRENT_SITE; return (int) $this->blog_id; } } $site = get_site(); if ( $site->domain === $this->domain && $site->path === $this->path ) { $main_site_id = (int) $site->id; } else { $main_site_id = get_network_option( $this->id, 'main_site' ); if ( false === $main_site_id ) { $_sites = get_sites( array( 'fields' => 'ids', 'number' => 1, 'domain' => $this->domain, 'path' => $this->path, 'network_id' => $this->id, ) ); $main_site_id = ! empty( $_sites ) ? array_shift( $_sites ) : 0; update_network_option( $this->id, 'main_site', $main_site_id ); } } $this->blog_id = (string) $main_site_id; return (int) $this->blog_id; } /** * Sets the site name assigned to the network if one has not been populated. * * @since 4.4.0 */ private function _set_site_name() { if ( ! empty( $this->site_name ) ) { return; } $default = ucfirst( $this->domain ); $this->site_name = get_network_option( $this->id, 'site_name', $default ); } /** * Sets the cookie domain based on the network domain if one has * not been populated. * * @todo What if the domain of the network doesn't match the current site? * * @since 4.4.0 */ private function _set_cookie_domain() { if ( ! empty( $this->cookie_domain ) ) { return; } $domain = parse_url( $this->domain, PHP_URL_HOST ); $this->cookie_domain = is_string( $domain ) ? $domain : $this->domain; if ( str_starts_with( $this->cookie_domain, 'www.' ) ) { $this->cookie_domain = substr( $this->cookie_domain, 4 ); } } /** * Retrieves the closest matching network for a domain and path. * * This will not necessarily return an exact match for a domain and path. Instead, it * breaks the domain and path into pieces that are then used to match the closest * possibility from a query. * * The intent of this method is to match a network during bootstrap for a * requested site address. * * @since 4.4.0 * * @param string $domain Domain to check. * @param string $path Path to check. * @param int|null $segments Path segments to use. Defaults to null, or the full path. * @return WP_Network|false Network object if successful. False when no network is found. */ public static function get_by_path( $domain = '', $path = '', $segments = null ) { $domains = array( $domain ); $pieces = explode( '.', $domain ); /* * It's possible one domain to search is 'com', but it might as well * be 'localhost' or some other locally mapped domain. */ while ( array_shift( $pieces ) ) { if ( ! empty( $pieces ) ) { $domains[] = implode( '.', $pieces ); } } /* * If we've gotten to this function during normal execution, there is * more than one network installed. At this point, who knows how many * we have. Attempt to optimize for the situation where networks are * only domains, thus meaning paths never need to be considered. * * This is a very basic optimization; anything further could have * drawbacks depending on the setup, so this is best done per-installation. */ $using_paths = true; if ( wp_using_ext_object_cache() ) { $using_paths = get_networks( array( 'number' => 1, 'count' => true, 'path__not_in' => '/', ) ); } $paths = array(); if ( $using_paths ) { $path_segments = array_filter( explode( '/', trim( $path, '/' ) ) ); /** * Filters the number of path segments to consider when searching for a site. * * @since 3.9.0 * * @param int|null $segments The number of path segments to consider. WordPress by default looks at * one path segment. The function default of null only makes sense when you * know the requested path should match a network. * @param string $domain The requested domain. * @param string $path The requested path, in full. */ $segments = apply_filters( 'network_by_path_segments_count', $segments, $domain, $path ); if ( ( null !== $segments ) && count( $path_segments ) > $segments ) { $path_segments = array_slice( $path_segments, 0, $segments ); } while ( count( $path_segments ) ) { $paths[] = '/' . implode( '/', $path_segments ) . '/'; array_pop( $path_segments ); } $paths[] = '/'; } /** * Determines a network by its domain and path. * * This allows one to short-circuit the default logic, perhaps by * replacing it with a routine that is more optimal for your setup. * * Return null to avoid the short-circuit. Return false if no network * can be found at the requested domain and path. Otherwise, return * an object from wp_get_network(). * * @since 3.9.0 * * @param null|false|WP_Network $network Network value to return by path. Default null * to continue retrieving the network. * @param string $domain The requested domain. * @param string $path The requested path, in full. * @param int|null $segments The suggested number of paths to consult. * Default null, meaning the entire path was to be consulted. * @param string[] $paths Array of paths to search for, based on `$path` and `$segments`. */ $pre = apply_filters( 'pre_get_network_by_path', null, $domain, $path, $segments, $paths ); if ( null !== $pre ) { return $pre; } if ( ! $using_paths ) { $networks = get_networks( array( 'number' => 1, 'orderby' => array( 'domain_length' => 'DESC', ), 'domain__in' => $domains, ) ); if ( ! empty( $networks ) ) { return array_shift( $networks ); } return false; } $networks = get_networks( array( 'orderby' => array( 'domain_length' => 'DESC', 'path_length' => 'DESC', ), 'domain__in' => $domains, 'path__in' => $paths, ) ); /* * Domains are sorted by length of domain, then by length of path. * The domain must match for the path to be considered. Otherwise, * a network with the path of / will suffice. */ $found = false; foreach ( $networks as $network ) { if ( ( $network->domain === $domain ) || ( "www.{$network->domain}" === $domain ) ) { if ( in_array( $network->path, $paths, true ) ) { $found = true; break; } } if ( '/' === $network->path ) { $found = true; break; } } if ( true === $found ) { return $network; } return false; } } https-detection-20260616171007.php 0000666 00000013341 15224716631 0011774 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260606052425.php 0000666 00000013341 15224716631 0011775 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260615083002.php 0000666 00000013341 15224716631 0011770 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605032501.php 0000666 00000011205 15224716631 0011775 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605080458.php 0000666 00000013341 15224716631 0012003 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260622024947-20260626111908.php 0000666 00000011205 15224716631 0013404 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } widgets.php 0000666 00000212731 15224716631 0006744 0 ustar 00 <?php /** * Core Widgets API * * This API is used for creating dynamic sidebar without hardcoding functionality into * themes. * * Includes both internal WordPress routines and theme-use routines. * * This functionality was found in a plugin before the WordPress 2.2 release, which * included it in the core from that point on. * * @link https://wordpress.org/documentation/article/manage-wordpress-widgets/ * @link https://developer.wordpress.org/themes/functionality/widgets/ * * @package WordPress * @subpackage Widgets * @since 2.2.0 */ // // Global Variables. // /** @ignore */ global $wp_registered_sidebars, $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates; /** * Stores the sidebars, since many themes can have more than one. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. */ $wp_registered_sidebars = array(); /** * Stores the registered widgets. * * @since 2.2.0 * * @global array $wp_registered_widgets The registered widgets. */ $wp_registered_widgets = array(); /** * Stores the registered widget controls (options). * * @since 2.2.0 * * @global array $wp_registered_widget_controls The registered widget controls. */ $wp_registered_widget_controls = array(); /** * Stores the registered widget updates. * * @since 2.8.0 * * @global array $wp_registered_widget_updates The registered widget updates. */ $wp_registered_widget_updates = array(); /** * Private * * @global array $_wp_sidebars_widgets */ $_wp_sidebars_widgets = array(); /** * Private * * @global array $_wp_deprecated_widgets_callbacks */ $GLOBALS['_wp_deprecated_widgets_callbacks'] = array( 'wp_widget_pages', 'wp_widget_pages_control', 'wp_widget_calendar', 'wp_widget_calendar_control', 'wp_widget_archives', 'wp_widget_archives_control', 'wp_widget_links', 'wp_widget_meta', 'wp_widget_meta_control', 'wp_widget_search', 'wp_widget_recent_entries', 'wp_widget_recent_entries_control', 'wp_widget_tag_cloud', 'wp_widget_tag_cloud_control', 'wp_widget_categories', 'wp_widget_categories_control', 'wp_widget_text', 'wp_widget_text_control', 'wp_widget_rss', 'wp_widget_rss_control', 'wp_widget_recent_comments', 'wp_widget_recent_comments_control', ); // // Template tags & API functions. // /** * Registers a widget. * * Registers a WP_Widget widget * * @since 2.8.0 * @since 4.6.0 Updated the `$widget` parameter to also accept a WP_Widget instance object * instead of simply a `WP_Widget` subclass name. * * @see WP_Widget * * @global WP_Widget_Factory $wp_widget_factory * * @param string|WP_Widget $widget Either the name of a `WP_Widget` subclass or an instance of a `WP_Widget` subclass. */ function register_widget( $widget ) { global $wp_widget_factory; $wp_widget_factory->register( $widget ); } /** * Unregisters a widget. * * Unregisters a WP_Widget widget. Useful for un-registering default widgets. * Run within a function hooked to the {@see 'widgets_init'} action. * * @since 2.8.0 * @since 4.6.0 Updated the `$widget` parameter to also accept a WP_Widget instance object * instead of simply a `WP_Widget` subclass name. * * @see WP_Widget * * @global WP_Widget_Factory $wp_widget_factory * * @param string|WP_Widget $widget Either the name of a `WP_Widget` subclass or an instance of a `WP_Widget` subclass. */ function unregister_widget( $widget ) { global $wp_widget_factory; $wp_widget_factory->unregister( $widget ); } /** * Creates multiple sidebars. * * If you wanted to quickly create multiple sidebars for a theme or internally. * This function will allow you to do so. If you don't pass the 'name' and/or * 'id' in `$args`, then they will be built for you. * * @since 2.2.0 * * @see register_sidebar() The second parameter is documented by register_sidebar() and is the same here. * * @global array $wp_registered_sidebars The new sidebars are stored in this array by sidebar ID. * * @param int $number Optional. Number of sidebars to create. Default 1. * @param array|string $args { * Optional. Array or string of arguments for building a sidebar. * * @type string $id The base string of the unique identifier for each sidebar. If provided, and multiple * sidebars are being defined, the ID will have "-2" appended, and so on. * Default 'sidebar-' followed by the number the sidebar creation is currently at. * @type string $name The name or title for the sidebars displayed in the admin dashboard. If registering * more than one sidebar, include '%d' in the string as a placeholder for the uniquely * assigned number for each sidebar. * Default 'Sidebar' for the first sidebar, otherwise 'Sidebar %d'. * } */ function register_sidebars( $number = 1, $args = array() ) { global $wp_registered_sidebars; $number = (int) $number; if ( is_string( $args ) ) { parse_str( $args, $args ); } for ( $i = 1; $i <= $number; $i++ ) { $_args = $args; if ( $number > 1 ) { if ( isset( $args['name'] ) ) { $_args['name'] = sprintf( $args['name'], $i ); } else { /* translators: %d: Sidebar number. */ $_args['name'] = sprintf( __( 'Sidebar %d' ), $i ); } } else { $_args['name'] = isset( $args['name'] ) ? $args['name'] : __( 'Sidebar' ); } /* * Custom specified ID's are suffixed if they exist already. * Automatically generated sidebar names need to be suffixed regardless starting at -0. */ if ( isset( $args['id'] ) ) { $_args['id'] = $args['id']; $n = 2; // Start at -2 for conflicting custom IDs. while ( is_registered_sidebar( $_args['id'] ) ) { $_args['id'] = $args['id'] . '-' . $n++; } } else { $n = count( $wp_registered_sidebars ); do { $_args['id'] = 'sidebar-' . ++$n; } while ( is_registered_sidebar( $_args['id'] ) ); } register_sidebar( $_args ); } } /** * Builds the definition for a single sidebar and returns the ID. * * Accepts either a string or an array and then parses that against a set * of default arguments for the new sidebar. WordPress will automatically * generate a sidebar ID and name based on the current number of registered * sidebars if those arguments are not included. * * When allowing for automatic generation of the name and ID parameters, keep * in mind that the incrementor for your sidebar can change over time depending * on what other plugins and themes are installed. * * If theme support for 'widgets' has not yet been added when this function is * called, it will be automatically enabled through the use of add_theme_support(). * * @since 2.2.0 * @since 5.6.0 Added the `before_sidebar` and `after_sidebar` arguments. * @since 5.9.0 Added the `show_in_rest` argument. * * @global array $wp_registered_sidebars The registered sidebars. * * @param array|string $args { * Optional. Array or string of arguments for the sidebar being registered. * * @type string $name The name or title of the sidebar displayed in the Widgets * interface. Default 'Sidebar $instance'. * @type string $id The unique identifier by which the sidebar will be called. * Default 'sidebar-$instance'. * @type string $description Description of the sidebar, displayed in the Widgets interface. * Default empty string. * @type string $class Extra CSS class to assign to the sidebar in the Widgets interface. * Default empty. * @type string $before_widget HTML content to prepend to each widget's HTML output when assigned * to this sidebar. Receives the widget's ID attribute as `%1$s` * and class name as `%2$s`. Default is an opening list item element. * @type string $after_widget HTML content to append to each widget's HTML output when assigned * to this sidebar. Default is a closing list item element. * @type string $before_title HTML content to prepend to the sidebar title when displayed. * Default is an opening h2 element. * @type string $after_title HTML content to append to the sidebar title when displayed. * Default is a closing h2 element. * @type string $before_sidebar HTML content to prepend to the sidebar when displayed. * Receives the `$id` argument as `%1$s` and `$class` as `%2$s`. * Outputs after the {@see 'dynamic_sidebar_before'} action. * Default empty string. * @type string $after_sidebar HTML content to append to the sidebar when displayed. * Outputs before the {@see 'dynamic_sidebar_after'} action. * Default empty string. * @type bool $show_in_rest Whether to show this sidebar publicly in the REST API. * Defaults to only showing the sidebar to administrator users. * } * @return string Sidebar ID added to $wp_registered_sidebars global. */ function register_sidebar( $args = array() ) { global $wp_registered_sidebars; $i = count( $wp_registered_sidebars ) + 1; $id_is_empty = empty( $args['id'] ); $defaults = array( /* translators: %d: Sidebar number. */ 'name' => sprintf( __( 'Sidebar %d' ), $i ), 'id' => "sidebar-$i", 'description' => '', 'class' => '', 'before_widget' => '<li id="%1$s" class="widget %2$s">', 'after_widget' => "</li>\n", 'before_title' => '<h2 class="widgettitle">', 'after_title' => "</h2>\n", 'before_sidebar' => '', 'after_sidebar' => '', 'show_in_rest' => false, ); /** * Filters the sidebar default arguments. * * @since 5.3.0 * * @see register_sidebar() * * @param array $defaults The default sidebar arguments. */ $sidebar = wp_parse_args( $args, apply_filters( 'register_sidebar_defaults', $defaults ) ); if ( $id_is_empty ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: The 'id' argument, 2: Sidebar name, 3: Recommended 'id' value. */ __( 'No %1$s was set in the arguments array for the "%2$s" sidebar. Defaulting to "%3$s". Manually set the %1$s to "%3$s" to silence this notice and keep existing sidebar content.' ), '<code>id</code>', $sidebar['name'], $sidebar['id'] ), '4.2.0' ); } $wp_registered_sidebars[ $sidebar['id'] ] = $sidebar; add_theme_support( 'widgets' ); /** * Fires once a sidebar has been registered. * * @since 3.0.0 * * @param array $sidebar Parsed arguments for the registered sidebar. */ do_action( 'register_sidebar', $sidebar ); return $sidebar['id']; } /** * Removes a sidebar from the list. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string|int $sidebar_id The ID of the sidebar when it was registered. */ function unregister_sidebar( $sidebar_id ) { global $wp_registered_sidebars; unset( $wp_registered_sidebars[ $sidebar_id ] ); } /** * Checks if a sidebar is registered. * * @since 4.4.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string|int $sidebar_id The ID of the sidebar when it was registered. * @return bool True if the sidebar is registered, false otherwise. */ function is_registered_sidebar( $sidebar_id ) { global $wp_registered_sidebars; return isset( $wp_registered_sidebars[ $sidebar_id ] ); } /** * Registers an instance of a widget. * * The default widget option is 'classname' that can be overridden. * * The function can also be used to un-register widgets when `$output_callback` * parameter is an empty string. * * @since 2.2.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * @since 5.8.0 Added show_instance_in_rest option. * * @global array $wp_registered_widgets Uses stored registered widgets. * @global array $wp_registered_widget_controls Stores the registered widget controls (options). * @global array $wp_registered_widget_updates The registered widget updates. * @global array $_wp_deprecated_widgets_callbacks * * @param int|string $id Widget ID. * @param string $name Widget display title. * @param callable $output_callback Run when widget is called. * @param array $options { * Optional. An array of supplementary widget options for the instance. * * @type string $classname Class name for the widget's HTML container. Default is a shortened * version of the output callback name. * @type string $description Widget description for display in the widget administration * panel and/or theme. * @type bool $show_instance_in_rest Whether to show the widget's instance settings in the REST API. * Only available for WP_Widget based widgets. * } * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function wp_register_sidebar_widget( $id, $name, $output_callback, $options = array(), ...$params ) { global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates, $_wp_deprecated_widgets_callbacks; $id = strtolower( $id ); if ( empty( $output_callback ) ) { unset( $wp_registered_widgets[ $id ] ); return; } $id_base = _get_widget_id_base( $id ); if ( in_array( $output_callback, $_wp_deprecated_widgets_callbacks, true ) && ! is_callable( $output_callback ) ) { unset( $wp_registered_widget_controls[ $id ] ); unset( $wp_registered_widget_updates[ $id_base ] ); return; } $defaults = array( 'classname' => $output_callback ); $options = wp_parse_args( $options, $defaults ); $widget = array( 'name' => $name, 'id' => $id, 'callback' => $output_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); if ( is_callable( $output_callback ) && ( ! isset( $wp_registered_widgets[ $id ] ) || did_action( 'widgets_init' ) ) ) { /** * Fires once for each registered widget. * * @since 3.0.0 * * @param array $widget An array of default widget arguments. */ do_action( 'wp_register_sidebar_widget', $widget ); $wp_registered_widgets[ $id ] = $widget; } } /** * Retrieves description for widget. * * When registering widgets, the options can also include 'description' that * describes the widget for display on the widget administration panel or * in the theme. * * @since 2.5.0 * * @global array $wp_registered_widgets The registered widgets. * * @param int|string $id Widget ID. * @return string|void Widget description, if available. */ function wp_widget_description( $id ) { if ( ! is_scalar( $id ) ) { return; } global $wp_registered_widgets; if ( isset( $wp_registered_widgets[ $id ]['description'] ) ) { return esc_html( $wp_registered_widgets[ $id ]['description'] ); } } /** * Retrieves description for a sidebar. * * When registering sidebars a 'description' parameter can be included that * describes the sidebar for display on the widget administration panel. * * @since 2.9.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string $id sidebar ID. * @return string|void Sidebar description, if available. */ function wp_sidebar_description( $id ) { if ( ! is_scalar( $id ) ) { return; } global $wp_registered_sidebars; if ( isset( $wp_registered_sidebars[ $id ]['description'] ) ) { return wp_kses( $wp_registered_sidebars[ $id ]['description'], 'sidebar_description' ); } } /** * Remove widget from sidebar. * * @since 2.2.0 * * @param int|string $id Widget ID. */ function wp_unregister_sidebar_widget( $id ) { /** * Fires just before a widget is removed from a sidebar. * * @since 3.0.0 * * @param int|string $id The widget ID. */ do_action( 'wp_unregister_sidebar_widget', $id ); wp_register_sidebar_widget( $id, '', '' ); wp_unregister_widget_control( $id ); } /** * Registers widget control callback for customizing options. * * @since 2.2.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * * @global array $wp_registered_widget_controls The registered widget controls. * @global array $wp_registered_widget_updates The registered widget updates. * @global array $wp_registered_widgets The registered widgets. * @global array $_wp_deprecated_widgets_callbacks * * @param int|string $id Sidebar ID. * @param string $name Sidebar display name. * @param callable $control_callback Run when sidebar is displayed. * @param array $options { * Optional. Array or string of control options. Default empty array. * * @type int $height Never used. Default 200. * @type int $width Width of the fully expanded control form (but try hard to use the default width). * Default 250. * @type int|string $id_base Required for multi-widgets, i.e widgets that allow multiple instances such as the * text widget. The widget ID will end up looking like `{$id_base}-{$unique_number}`. * } * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function wp_register_widget_control( $id, $name, $control_callback, $options = array(), ...$params ) { global $wp_registered_widget_controls, $wp_registered_widget_updates, $wp_registered_widgets, $_wp_deprecated_widgets_callbacks; $id = strtolower( $id ); $id_base = _get_widget_id_base( $id ); if ( empty( $control_callback ) ) { unset( $wp_registered_widget_controls[ $id ] ); unset( $wp_registered_widget_updates[ $id_base ] ); return; } if ( in_array( $control_callback, $_wp_deprecated_widgets_callbacks, true ) && ! is_callable( $control_callback ) ) { unset( $wp_registered_widgets[ $id ] ); return; } if ( isset( $wp_registered_widget_controls[ $id ] ) && ! did_action( 'widgets_init' ) ) { return; } $defaults = array( 'width' => 250, 'height' => 200, ); // Height is never used. $options = wp_parse_args( $options, $defaults ); $options['width'] = (int) $options['width']; $options['height'] = (int) $options['height']; $widget = array( 'name' => $name, 'id' => $id, 'callback' => $control_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); $wp_registered_widget_controls[ $id ] = $widget; if ( isset( $wp_registered_widget_updates[ $id_base ] ) ) { return; } if ( isset( $widget['params'][0]['number'] ) ) { $widget['params'][0]['number'] = -1; } unset( $widget['width'], $widget['height'], $widget['name'], $widget['id'] ); $wp_registered_widget_updates[ $id_base ] = $widget; } /** * Registers the update callback for a widget. * * @since 2.8.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * * @global array $wp_registered_widget_updates The registered widget updates. * * @param string $id_base The base ID of a widget created by extending WP_Widget. * @param callable $update_callback Update callback method for the widget. * @param array $options Optional. Widget control options. See wp_register_widget_control(). * Default empty array. * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function _register_widget_update_callback( $id_base, $update_callback, $options = array(), ...$params ) { global $wp_registered_widget_updates; if ( isset( $wp_registered_widget_updates[ $id_base ] ) ) { if ( empty( $update_callback ) ) { unset( $wp_registered_widget_updates[ $id_base ] ); } return; } $widget = array( 'callback' => $update_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); $wp_registered_widget_updates[ $id_base ] = $widget; } /** * Registers the form callback for a widget. * * @since 2.8.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * * @global array $wp_registered_widget_controls The registered widget controls. * * @param int|string $id Widget ID. * @param string $name Name attribute for the widget. * @param callable $form_callback Form callback. * @param array $options Optional. Widget control options. See wp_register_widget_control(). * Default empty array. * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function _register_widget_form_callback( $id, $name, $form_callback, $options = array(), ...$params ) { global $wp_registered_widget_controls; $id = strtolower( $id ); if ( empty( $form_callback ) ) { unset( $wp_registered_widget_controls[ $id ] ); return; } if ( isset( $wp_registered_widget_controls[ $id ] ) && ! did_action( 'widgets_init' ) ) { return; } $defaults = array( 'width' => 250, 'height' => 200, ); $options = wp_parse_args( $options, $defaults ); $options['width'] = (int) $options['width']; $options['height'] = (int) $options['height']; $widget = array( 'name' => $name, 'id' => $id, 'callback' => $form_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); $wp_registered_widget_controls[ $id ] = $widget; } /** * Removes control callback for widget. * * @since 2.2.0 * * @param int|string $id Widget ID. */ function wp_unregister_widget_control( $id ) { wp_register_widget_control( $id, '', '' ); } /** * Displays dynamic sidebar. * * By default this displays the default sidebar or 'sidebar-1'. If your theme specifies the 'id' or * 'name' parameter for its registered sidebars you can pass an ID or name as the $index parameter. * Otherwise, you can pass in a numerical index to display the sidebar at that index. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. * @global array $wp_registered_widgets The registered widgets. * * @param int|string $index Optional. Index, name or ID of dynamic sidebar. Default 1. * @return bool True, if widget sidebar was found and called. False if not found or not called. */ function dynamic_sidebar( $index = 1 ) { global $wp_registered_sidebars, $wp_registered_widgets; if ( is_int( $index ) ) { $index = "sidebar-$index"; } else { $index = sanitize_title( $index ); foreach ( (array) $wp_registered_sidebars as $key => $value ) { if ( sanitize_title( $value['name'] ) === $index ) { $index = $key; break; } } } $sidebars_widgets = wp_get_sidebars_widgets(); if ( empty( $wp_registered_sidebars[ $index ] ) || empty( $sidebars_widgets[ $index ] ) || ! is_array( $sidebars_widgets[ $index ] ) ) { /** This action is documented in wp-includes/widget.php */ do_action( 'dynamic_sidebar_before', $index, false ); /** This action is documented in wp-includes/widget.php */ do_action( 'dynamic_sidebar_after', $index, false ); /** This filter is documented in wp-includes/widget.php */ return apply_filters( 'dynamic_sidebar_has_widgets', false, $index ); } $sidebar = $wp_registered_sidebars[ $index ]; $sidebar['before_sidebar'] = sprintf( $sidebar['before_sidebar'], $sidebar['id'], $sidebar['class'] ); /** * Fires before widgets are rendered in a dynamic sidebar. * * Note: The action also fires for empty sidebars, and on both the front end * and back end, including the Inactive Widgets sidebar on the Widgets screen. * * @since 3.9.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. * @param bool $has_widgets Whether the sidebar is populated with widgets. * Default true. */ do_action( 'dynamic_sidebar_before', $index, true ); if ( ! is_admin() && ! empty( $sidebar['before_sidebar'] ) ) { echo $sidebar['before_sidebar']; } $did_one = false; foreach ( (array) $sidebars_widgets[ $index ] as $id ) { if ( ! isset( $wp_registered_widgets[ $id ] ) ) { continue; } $params = array_merge( array( array_merge( $sidebar, array( 'widget_id' => $id, 'widget_name' => $wp_registered_widgets[ $id ]['name'], ) ), ), (array) $wp_registered_widgets[ $id ]['params'] ); // Substitute HTML `id` and `class` attributes into `before_widget`. $classname_ = ''; foreach ( (array) $wp_registered_widgets[ $id ]['classname'] as $cn ) { if ( is_string( $cn ) ) { $classname_ .= '_' . $cn; } elseif ( is_object( $cn ) ) { $classname_ .= '_' . get_class( $cn ); } } $classname_ = ltrim( $classname_, '_' ); $params[0]['before_widget'] = sprintf( $params[0]['before_widget'], str_replace( '\\', '_', $id ), $classname_ ); /** * Filters the parameters passed to a widget's display callback. * * Note: The filter is evaluated on both the front end and back end, * including for the Inactive Widgets sidebar on the Widgets screen. * * @since 2.5.0 * * @see register_sidebar() * * @param array $params { * @type array $args { * An array of widget display arguments. * * @type string $name Name of the sidebar the widget is assigned to. * @type string $id ID of the sidebar the widget is assigned to. * @type string $description The sidebar description. * @type string $class CSS class applied to the sidebar container. * @type string $before_widget HTML markup to prepend to each widget in the sidebar. * @type string $after_widget HTML markup to append to each widget in the sidebar. * @type string $before_title HTML markup to prepend to the widget title when displayed. * @type string $after_title HTML markup to append to the widget title when displayed. * @type string $widget_id ID of the widget. * @type string $widget_name Name of the widget. * } * @type array $widget_args { * An array of multi-widget arguments. * * @type int $number Number increment used for multiples of the same widget. * } * } */ $params = apply_filters( 'dynamic_sidebar_params', $params ); $callback = $wp_registered_widgets[ $id ]['callback']; /** * Fires before a widget's display callback is called. * * Note: The action fires on both the front end and back end, including * for widgets in the Inactive Widgets sidebar on the Widgets screen. * * The action is not fired for empty sidebars. * * @since 3.0.0 * * @param array $widget { * An associative array of widget arguments. * * @type string $name Name of the widget. * @type string $id Widget ID. * @type callable $callback When the hook is fired on the front end, `$callback` is an array * containing the widget object. Fired on the back end, `$callback` * is 'wp_widget_control', see `$_callback`. * @type array $params An associative array of multi-widget arguments. * @type string $classname CSS class applied to the widget container. * @type string $description The widget description. * @type array $_callback When the hook is fired on the back end, `$_callback` is populated * with an array containing the widget object, see `$callback`. * } */ do_action( 'dynamic_sidebar', $wp_registered_widgets[ $id ] ); if ( is_callable( $callback ) ) { call_user_func_array( $callback, $params ); $did_one = true; } } if ( ! is_admin() && ! empty( $sidebar['after_sidebar'] ) ) { echo $sidebar['after_sidebar']; } /** * Fires after widgets are rendered in a dynamic sidebar. * * Note: The action also fires for empty sidebars, and on both the front end * and back end, including the Inactive Widgets sidebar on the Widgets screen. * * @since 3.9.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. * @param bool $has_widgets Whether the sidebar is populated with widgets. * Default true. */ do_action( 'dynamic_sidebar_after', $index, true ); /** * Filters whether a sidebar has widgets. * * Note: The filter is also evaluated for empty sidebars, and on both the front end * and back end, including the Inactive Widgets sidebar on the Widgets screen. * * @since 3.9.0 * * @param bool $did_one Whether at least one widget was rendered in the sidebar. * Default false. * @param int|string $index Index, name, or ID of the dynamic sidebar. */ return apply_filters( 'dynamic_sidebar_has_widgets', $did_one, $index ); } /** * Determines whether a given widget is displayed on the front end. * * Either $callback or $id_base can be used. * $id_base is the first argument when extending WP_Widget class. * Without the optional $widget_id parameter, returns the ID of the first sidebar * in which the first instance of the widget with the given callback or $id_base is found. * With the $widget_id parameter, returns the ID of the sidebar where * the widget with that callback/$id_base AND that ID is found. * * NOTE: $widget_id and $id_base are the same for single widgets. To be effective * this function has to run after widgets have initialized, at action {@see 'init'} or later. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.2.0 * * @global array $wp_registered_widgets The registered widgets. * * @param callable|false $callback Optional. Widget callback to check. Default false. * @param string|false $widget_id Optional. Widget ID. Optional, but needed for checking. * Default false. * @param string|false $id_base Optional. The base ID of a widget created by extending WP_Widget. * Default false. * @param bool $skip_inactive Optional. Whether to check in 'wp_inactive_widgets'. * Default true. * @return string|false ID of the sidebar in which the widget is active, * false if the widget is not active. */ function is_active_widget( $callback = false, $widget_id = false, $id_base = false, $skip_inactive = true ) { global $wp_registered_widgets; $sidebars_widgets = wp_get_sidebars_widgets(); if ( is_array( $sidebars_widgets ) ) { foreach ( $sidebars_widgets as $sidebar => $widgets ) { if ( $skip_inactive && ( 'wp_inactive_widgets' === $sidebar || str_starts_with( $sidebar, 'orphaned_widgets' ) ) ) { continue; } if ( is_array( $widgets ) ) { foreach ( $widgets as $widget ) { if ( ( $callback && isset( $wp_registered_widgets[ $widget ]['callback'] ) && $wp_registered_widgets[ $widget ]['callback'] === $callback ) || ( $id_base && _get_widget_id_base( $widget ) === $id_base ) ) { if ( ! $widget_id || $widget_id === $wp_registered_widgets[ $widget ]['id'] ) { return $sidebar; } } } } } } return false; } /** * Determines whether the dynamic sidebar is enabled and used by the theme. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.2.0 * * @global array $wp_registered_widgets The registered widgets. * @global array $wp_registered_sidebars The registered sidebars. * * @return bool True if using widgets, false otherwise. */ function is_dynamic_sidebar() { global $wp_registered_widgets, $wp_registered_sidebars; $sidebars_widgets = get_option( 'sidebars_widgets' ); foreach ( (array) $wp_registered_sidebars as $index => $sidebar ) { if ( ! empty( $sidebars_widgets[ $index ] ) ) { foreach ( (array) $sidebars_widgets[ $index ] as $widget ) { if ( array_key_exists( $widget, $wp_registered_widgets ) ) { return true; } } } } return false; } /** * Determines whether a sidebar contains widgets. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.8.0 * * @param string|int $index Sidebar name, id or number to check. * @return bool True if the sidebar has widgets, false otherwise. */ function is_active_sidebar( $index ) { $index = ( is_int( $index ) ) ? "sidebar-$index" : sanitize_title( $index ); $sidebars_widgets = wp_get_sidebars_widgets(); $is_active_sidebar = ! empty( $sidebars_widgets[ $index ] ); /** * Filters whether a dynamic sidebar is considered "active". * * @since 3.9.0 * * @param bool $is_active_sidebar Whether or not the sidebar should be considered "active". * In other words, whether the sidebar contains any widgets. * @param int|string $index Index, name, or ID of the dynamic sidebar. */ return apply_filters( 'is_active_sidebar', $is_active_sidebar, $index ); } // // Internal Functions. // /** * Retrieves the full list of sidebars and their widget instance IDs. * * Will upgrade sidebar widget list, if needed. Will also save updated list, if * needed. * * @since 2.2.0 * @access private * * @global array $_wp_sidebars_widgets * @global array $sidebars_widgets * * @param bool $deprecated Not used (argument deprecated). * @return array Upgraded list of widgets to version 3 array format when called from the admin. */ function wp_get_sidebars_widgets( $deprecated = true ) { if ( true !== $deprecated ) { _deprecated_argument( __FUNCTION__, '2.8.1' ); } global $_wp_sidebars_widgets, $sidebars_widgets; /* * If loading from front page, consult $_wp_sidebars_widgets rather than options * to see if wp_convert_widget_settings() has made manipulations in memory. */ if ( ! is_admin() ) { if ( empty( $_wp_sidebars_widgets ) ) { $_wp_sidebars_widgets = get_option( 'sidebars_widgets', array() ); } $sidebars_widgets = $_wp_sidebars_widgets; } else { $sidebars_widgets = get_option( 'sidebars_widgets', array() ); } if ( is_array( $sidebars_widgets ) && isset( $sidebars_widgets['array_version'] ) ) { unset( $sidebars_widgets['array_version'] ); } /** * Filters the list of sidebars and their widgets. * * @since 2.7.0 * * @param array $sidebars_widgets An associative array of sidebars and their widgets. */ return apply_filters( 'sidebars_widgets', $sidebars_widgets ); } /** * Retrieves the registered sidebar with the given ID. * * @since 5.9.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string $id The sidebar ID. * @return array|null The discovered sidebar, or null if it is not registered. */ function wp_get_sidebar( $id ) { global $wp_registered_sidebars; foreach ( (array) $wp_registered_sidebars as $sidebar ) { if ( $sidebar['id'] === $id ) { return $sidebar; } } if ( 'wp_inactive_widgets' === $id ) { return array( 'id' => 'wp_inactive_widgets', 'name' => __( 'Inactive widgets' ), ); } return null; } /** * Sets the sidebar widget option to update sidebars. * * @since 2.2.0 * @access private * * @global array $_wp_sidebars_widgets * @param array $sidebars_widgets Sidebar widgets and their settings. */ function wp_set_sidebars_widgets( $sidebars_widgets ) { global $_wp_sidebars_widgets; // Clear cached value used in wp_get_sidebars_widgets(). $_wp_sidebars_widgets = null; if ( ! isset( $sidebars_widgets['array_version'] ) ) { $sidebars_widgets['array_version'] = 3; } update_option( 'sidebars_widgets', $sidebars_widgets ); } /** * Retrieves default registered sidebars list. * * @since 2.2.0 * @access private * * @global array $wp_registered_sidebars The registered sidebars. * * @return array */ function wp_get_widget_defaults() { global $wp_registered_sidebars; $defaults = array(); foreach ( (array) $wp_registered_sidebars as $index => $sidebar ) { $defaults[ $index ] = array(); } return $defaults; } /** * Converts the widget settings from single to multi-widget format. * * @since 2.8.0 * * @global array $_wp_sidebars_widgets * * @param string $base_name Root ID for all widgets of this type. * @param string $option_name Option name for this widget type. * @param array $settings The array of widget instance settings. * @return array The array of widget settings converted to multi-widget format. */ function wp_convert_widget_settings( $base_name, $option_name, $settings ) { // This test may need expanding. $single = false; $changed = false; if ( empty( $settings ) ) { $single = true; } else { foreach ( array_keys( $settings ) as $number ) { if ( 'number' === $number ) { continue; } if ( ! is_numeric( $number ) ) { $single = true; break; } } } if ( $single ) { $settings = array( 2 => $settings ); // If loading from the front page, update sidebar in memory but don't save to options. if ( is_admin() ) { $sidebars_widgets = get_option( 'sidebars_widgets' ); } else { if ( empty( $GLOBALS['_wp_sidebars_widgets'] ) ) { $GLOBALS['_wp_sidebars_widgets'] = get_option( 'sidebars_widgets', array() ); } $sidebars_widgets = &$GLOBALS['_wp_sidebars_widgets']; } foreach ( (array) $sidebars_widgets as $index => $sidebar ) { if ( is_array( $sidebar ) ) { foreach ( $sidebar as $i => $name ) { if ( $base_name === $name ) { $sidebars_widgets[ $index ][ $i ] = "$name-2"; $changed = true; break 2; } } } } if ( is_admin() && $changed ) { update_option( 'sidebars_widgets', $sidebars_widgets ); } } $settings['_multiwidget'] = 1; if ( is_admin() ) { update_option( $option_name, $settings ); } return $settings; } /** * Outputs an arbitrary widget as a template tag. * * @since 2.8.0 * * @global WP_Widget_Factory $wp_widget_factory * * @param string $widget The widget's PHP class name (see class-wp-widget.php). * @param array $instance Optional. The widget's instance settings. Default empty array. * @param array $args { * Optional. Array of arguments to configure the display of the widget. * * @type string $before_widget HTML content that will be prepended to the widget's HTML output. * Default `<div class="widget %s">`, where `%s` is the widget's class name. * @type string $after_widget HTML content that will be appended to the widget's HTML output. * Default `</div>`. * @type string $before_title HTML content that will be prepended to the widget's title when displayed. * Default `<h2 class="widgettitle">`. * @type string $after_title HTML content that will be appended to the widget's title when displayed. * Default `</h2>`. * } */ function the_widget( $widget, $instance = array(), $args = array() ) { global $wp_widget_factory; if ( ! isset( $wp_widget_factory->widgets[ $widget ] ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: %s: register_widget() */ __( 'Widgets need to be registered using %s, before they can be displayed.' ), '<code>register_widget()</code>' ), '4.9.0' ); return; } $widget_obj = $wp_widget_factory->widgets[ $widget ]; if ( ! ( $widget_obj instanceof WP_Widget ) ) { return; } $default_args = array( 'before_widget' => '<div class="widget %s">', 'after_widget' => '</div>', 'before_title' => '<h2 class="widgettitle">', 'after_title' => '</h2>', ); $args = wp_parse_args( $args, $default_args ); $args['before_widget'] = sprintf( $args['before_widget'], $widget_obj->widget_options['classname'] ); $instance = wp_parse_args( $instance ); /** This filter is documented in wp-includes/class-wp-widget.php */ $instance = apply_filters( 'widget_display_callback', $instance, $widget_obj, $args ); if ( false === $instance ) { return; } /** * Fires before rendering the requested widget. * * @since 3.0.0 * * @param string $widget The widget's class name. * @param array $instance The current widget instance's settings. * @param array $args An array of the widget's sidebar arguments. */ do_action( 'the_widget', $widget, $instance, $args ); $widget_obj->_set( -1 ); $widget_obj->widget( $args, $instance ); } /** * Retrieves the widget ID base value. * * @since 2.8.0 * * @param string $id Widget ID. * @return string Widget ID base. */ function _get_widget_id_base( $id ) { return preg_replace( '/-[0-9]+$/', '', $id ); } /** * Handles sidebars config after theme change. * * @access private * @since 3.3.0 * * @global array $sidebars_widgets */ function _wp_sidebars_changed() { global $sidebars_widgets; if ( ! is_array( $sidebars_widgets ) ) { $sidebars_widgets = wp_get_sidebars_widgets(); } retrieve_widgets( true ); } /** * Validates and remaps any "orphaned" widgets to wp_inactive_widgets sidebar, * and saves the widget settings. This has to run at least on each theme change. * * For example, let's say theme A has a "footer" sidebar, and theme B doesn't have one. * After switching from theme A to theme B, all the widgets previously assigned * to the footer would be inaccessible. This function detects this scenario, and * moves all the widgets previously assigned to the footer under wp_inactive_widgets. * * Despite the word "retrieve" in the name, this function actually updates the database * and the global `$sidebars_widgets`. For that reason it should not be run on front end, * unless the `$theme_changed` value is 'customize' (to bypass the database write). * * @since 2.8.0 * * @global array $wp_registered_sidebars The registered sidebars. * @global array $sidebars_widgets * @global array $wp_registered_widgets The registered widgets. * * @param string|bool $theme_changed Whether the theme was changed as a boolean. A value * of 'customize' defers updates for the Customizer. * @return array Updated sidebars widgets. */ function retrieve_widgets( $theme_changed = false ) { global $wp_registered_sidebars, $sidebars_widgets, $wp_registered_widgets; $registered_sidebars_keys = array_keys( $wp_registered_sidebars ); $registered_widgets_ids = array_keys( $wp_registered_widgets ); if ( ! is_array( get_theme_mod( 'sidebars_widgets' ) ) ) { if ( empty( $sidebars_widgets ) ) { return array(); } unset( $sidebars_widgets['array_version'] ); $sidebars_widgets_keys = array_keys( $sidebars_widgets ); sort( $sidebars_widgets_keys ); sort( $registered_sidebars_keys ); if ( $sidebars_widgets_keys === $registered_sidebars_keys ) { $sidebars_widgets = _wp_remove_unregistered_widgets( $sidebars_widgets, $registered_widgets_ids ); return $sidebars_widgets; } } // Discard invalid, theme-specific widgets from sidebars. $sidebars_widgets = _wp_remove_unregistered_widgets( $sidebars_widgets, $registered_widgets_ids ); $sidebars_widgets = wp_map_sidebars_widgets( $sidebars_widgets ); // Replace non-array values inside the array with an empty array. foreach ( $sidebars_widgets as $key => $value ) { if ( ! is_array( $value ) ) { $sidebars_widgets[ $key ] = array(); } } // Find hidden/lost multi-widget instances. $shown_widgets = array_merge( ...array_values( $sidebars_widgets ) ); $lost_widgets = array_diff( $registered_widgets_ids, $shown_widgets ); foreach ( $lost_widgets as $key => $widget_id ) { $number = preg_replace( '/.+?-([0-9]+)$/', '$1', $widget_id ); // Only keep active and default widgets. if ( is_numeric( $number ) && (int) $number < 2 ) { unset( $lost_widgets[ $key ] ); } } $sidebars_widgets['wp_inactive_widgets'] = array_merge( $lost_widgets, (array) $sidebars_widgets['wp_inactive_widgets'] ); if ( 'customize' !== $theme_changed ) { // Update the widgets settings in the database. wp_set_sidebars_widgets( $sidebars_widgets ); } return $sidebars_widgets; } /** * Compares a list of sidebars with their widgets against an allowed list. * * @since 4.9.0 * @since 4.9.2 Always tries to restore widget assignments from previous data, not just if sidebars needed mapping. * * @global array $wp_registered_sidebars The registered sidebars. * * @param array $existing_sidebars_widgets List of sidebars and their widget instance IDs. * @return array Mapped sidebars widgets. */ function wp_map_sidebars_widgets( $existing_sidebars_widgets ) { global $wp_registered_sidebars; $new_sidebars_widgets = array( 'wp_inactive_widgets' => array(), ); // Short-circuit if there are no sidebars to map. if ( ! is_array( $existing_sidebars_widgets ) || empty( $existing_sidebars_widgets ) ) { return $new_sidebars_widgets; } foreach ( $existing_sidebars_widgets as $sidebar => $widgets ) { if ( 'wp_inactive_widgets' === $sidebar || str_starts_with( $sidebar, 'orphaned_widgets' ) ) { $new_sidebars_widgets['wp_inactive_widgets'] = array_merge( $new_sidebars_widgets['wp_inactive_widgets'], (array) $widgets ); unset( $existing_sidebars_widgets[ $sidebar ] ); } } // If old and new theme have just one sidebar, map it and we're done. if ( 1 === count( $existing_sidebars_widgets ) && 1 === count( $wp_registered_sidebars ) ) { $new_sidebars_widgets[ key( $wp_registered_sidebars ) ] = array_pop( $existing_sidebars_widgets ); return $new_sidebars_widgets; } // Map locations with the same slug. $existing_sidebars = array_keys( $existing_sidebars_widgets ); foreach ( $wp_registered_sidebars as $sidebar => $name ) { if ( in_array( $sidebar, $existing_sidebars, true ) ) { $new_sidebars_widgets[ $sidebar ] = $existing_sidebars_widgets[ $sidebar ]; unset( $existing_sidebars_widgets[ $sidebar ] ); } elseif ( ! array_key_exists( $sidebar, $new_sidebars_widgets ) ) { $new_sidebars_widgets[ $sidebar ] = array(); } } // If there are more sidebars, try to map them. if ( ! empty( $existing_sidebars_widgets ) ) { /* * If old and new theme both have sidebars that contain phrases * from within the same group, make an educated guess and map it. */ $common_slug_groups = array( array( 'sidebar', 'primary', 'main', 'right' ), array( 'second', 'left' ), array( 'sidebar-2', 'footer', 'bottom' ), array( 'header', 'top' ), ); // Go through each group... foreach ( $common_slug_groups as $slug_group ) { // ...and see if any of these slugs... foreach ( $slug_group as $slug ) { // ...and any of the new sidebars... foreach ( $wp_registered_sidebars as $new_sidebar => $args ) { // ...actually match! if ( false === stripos( $new_sidebar, $slug ) && false === stripos( $slug, $new_sidebar ) ) { continue; } // Then see if any of the existing sidebars... foreach ( $existing_sidebars_widgets as $sidebar => $widgets ) { // ...and any slug in the same group... foreach ( $slug_group as $slug ) { // ... have a match as well. if ( false === stripos( $sidebar, $slug ) && false === stripos( $slug, $sidebar ) ) { continue; } // Make sure this sidebar wasn't mapped and removed previously. if ( ! empty( $existing_sidebars_widgets[ $sidebar ] ) ) { // We have a match that can be mapped! $new_sidebars_widgets[ $new_sidebar ] = array_merge( $new_sidebars_widgets[ $new_sidebar ], $existing_sidebars_widgets[ $sidebar ] ); // Remove the mapped sidebar so it can't be mapped again. unset( $existing_sidebars_widgets[ $sidebar ] ); // Go back and check the next new sidebar. continue 3; } } // End foreach ( $slug_group as $slug ). } // End foreach ( $existing_sidebars_widgets as $sidebar => $widgets ). } // End foreach ( $wp_registered_sidebars as $new_sidebar => $args ). } // End foreach ( $slug_group as $slug ). } // End foreach ( $common_slug_groups as $slug_group ). } // Move any left over widgets to inactive sidebar. foreach ( $existing_sidebars_widgets as $widgets ) { if ( is_array( $widgets ) && ! empty( $widgets ) ) { $new_sidebars_widgets['wp_inactive_widgets'] = array_merge( $new_sidebars_widgets['wp_inactive_widgets'], $widgets ); } } // Sidebars_widgets settings from when this theme was previously active. $old_sidebars_widgets = get_theme_mod( 'sidebars_widgets' ); $old_sidebars_widgets = isset( $old_sidebars_widgets['data'] ) ? $old_sidebars_widgets['data'] : false; if ( is_array( $old_sidebars_widgets ) ) { // Remove empty sidebars, no need to map those. $old_sidebars_widgets = array_filter( $old_sidebars_widgets ); // Only check sidebars that are empty or have not been mapped to yet. foreach ( $new_sidebars_widgets as $new_sidebar => $new_widgets ) { if ( array_key_exists( $new_sidebar, $old_sidebars_widgets ) && ! empty( $new_widgets ) ) { unset( $old_sidebars_widgets[ $new_sidebar ] ); } } // Remove orphaned widgets, we're only interested in previously active sidebars. foreach ( $old_sidebars_widgets as $sidebar => $widgets ) { if ( str_starts_with( $sidebar, 'orphaned_widgets' ) ) { unset( $old_sidebars_widgets[ $sidebar ] ); } } $old_sidebars_widgets = _wp_remove_unregistered_widgets( $old_sidebars_widgets ); // Replace non-array values inside the array with an empty array. foreach ( $new_sidebars_widgets as $key => $value ) { if ( ! is_array( $value ) ) { $new_sidebars_widgets[ $key ] = array(); } } if ( ! empty( $old_sidebars_widgets ) ) { // Go through each remaining sidebar... foreach ( $old_sidebars_widgets as $old_sidebar => $old_widgets ) { // ...and check every new sidebar... foreach ( $new_sidebars_widgets as $new_sidebar => $new_widgets ) { // ...for every widget we're trying to revive. foreach ( $old_widgets as $key => $widget_id ) { $active_key = array_search( $widget_id, $new_widgets, true ); // If the widget is used elsewhere... if ( false !== $active_key ) { // ...and that elsewhere is inactive widgets... if ( 'wp_inactive_widgets' === $new_sidebar ) { // ...remove it from there and keep the active version... unset( $new_sidebars_widgets['wp_inactive_widgets'][ $active_key ] ); } else { // ...otherwise remove it from the old sidebar and keep it in the new one. unset( $old_sidebars_widgets[ $old_sidebar ][ $key ] ); } } // End if ( $active_key ). } // End foreach ( $old_widgets as $key => $widget_id ). } // End foreach ( $new_sidebars_widgets as $new_sidebar => $new_widgets ). } // End foreach ( $old_sidebars_widgets as $old_sidebar => $old_widgets ). } // End if ( ! empty( $old_sidebars_widgets ) ). // Restore widget settings from when theme was previously active. $new_sidebars_widgets = array_merge( $new_sidebars_widgets, $old_sidebars_widgets ); } return $new_sidebars_widgets; } /** * Compares a list of sidebars with their widgets against an allowed list. * * @since 4.9.0 * * @global array $wp_registered_widgets The registered widgets. * * @param array $sidebars_widgets List of sidebars and their widget instance IDs. * @param array $allowed_widget_ids Optional. List of widget IDs to compare against. Default: Registered widgets. * @return array Sidebars with allowed widgets. */ function _wp_remove_unregistered_widgets( $sidebars_widgets, $allowed_widget_ids = array() ) { if ( empty( $allowed_widget_ids ) ) { $allowed_widget_ids = array_keys( $GLOBALS['wp_registered_widgets'] ); } foreach ( $sidebars_widgets as $sidebar => $widgets ) { if ( is_array( $widgets ) ) { $sidebars_widgets[ $sidebar ] = array_intersect( $widgets, $allowed_widget_ids ); } } return $sidebars_widgets; } /** * Displays the RSS entries in a list. * * @since 2.5.0 * * @param string|array|object $rss RSS url. * @param array $args Widget arguments. */ function wp_widget_rss_output( $rss, $args = array() ) { if ( is_string( $rss ) ) { $rss = fetch_feed( $rss ); } elseif ( is_array( $rss ) && isset( $rss['url'] ) ) { $args = $rss; $rss = fetch_feed( $rss['url'] ); } elseif ( ! is_object( $rss ) ) { return; } if ( is_wp_error( $rss ) ) { if ( is_admin() || current_user_can( 'manage_options' ) ) { echo '<p><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $rss->get_error_message() ) . '</p>'; } return; } $default_args = array( 'show_author' => 0, 'show_date' => 0, 'show_summary' => 0, 'items' => 0, ); $args = wp_parse_args( $args, $default_args ); $items = (int) $args['items']; if ( $items < 1 || 20 < $items ) { $items = 10; } $show_summary = (int) $args['show_summary']; $show_author = (int) $args['show_author']; $show_date = (int) $args['show_date']; if ( ! $rss->get_item_quantity() ) { echo '<ul><li>' . __( 'An error has occurred, which probably means the feed is down. Try again later.' ) . '</li></ul>'; $rss->__destruct(); unset( $rss ); return; } echo '<ul>'; foreach ( $rss->get_items( 0, $items ) as $item ) { $link = $item->get_link(); while ( ! empty( $link ) && stristr( $link, 'http' ) !== $link ) { $link = substr( $link, 1 ); } $link = esc_url( strip_tags( $link ) ); $title = esc_html( trim( strip_tags( $item->get_title() ) ) ); if ( empty( $title ) ) { $title = __( 'Untitled' ); } $desc = html_entity_decode( $item->get_description(), ENT_QUOTES, get_option( 'blog_charset' ) ); $desc = esc_attr( wp_trim_words( $desc, 55, ' […]' ) ); $summary = ''; if ( $show_summary ) { $summary = $desc; // Change existing [...] to […]. if ( str_ends_with( $summary, '[...]' ) ) { $summary = substr( $summary, 0, -5 ) . '[…]'; } $summary = '<div class="rssSummary">' . esc_html( $summary ) . '</div>'; } $date = ''; if ( $show_date ) { $date = $item->get_date( 'U' ); if ( $date ) { $date = ' <span class="rss-date">' . date_i18n( get_option( 'date_format' ), $date ) . '</span>'; } } $author = ''; if ( $show_author ) { $author = $item->get_author(); if ( is_object( $author ) ) { $author = $author->get_name(); $author = ' <cite>' . esc_html( strip_tags( $author ) ) . '</cite>'; } } if ( '' === $link ) { echo "<li>$title{$date}{$summary}{$author}</li>"; } elseif ( $show_summary ) { echo "<li><a class='rsswidget' href='$link'>$title</a>{$date}{$summary}{$author}</li>"; } else { echo "<li><a class='rsswidget' href='$link'>$title</a>{$date}{$author}</li>"; } } echo '</ul>'; $rss->__destruct(); unset( $rss ); } /** * Displays RSS widget options form. * * The options for what fields are displayed for the RSS form are all booleans * and are as follows: 'url', 'title', 'items', 'show_summary', 'show_author', * 'show_date'. * * @since 2.5.0 * * @param array|string $args Values for input fields. * @param array $inputs Override default display options. */ function wp_widget_rss_form( $args, $inputs = null ) { $default_inputs = array( 'url' => true, 'title' => true, 'items' => true, 'show_summary' => true, 'show_author' => true, 'show_date' => true, ); $inputs = wp_parse_args( $inputs, $default_inputs ); $args['title'] = isset( $args['title'] ) ? $args['title'] : ''; $args['url'] = isset( $args['url'] ) ? $args['url'] : ''; $args['items'] = isset( $args['items'] ) ? (int) $args['items'] : 0; if ( $args['items'] < 1 || 20 < $args['items'] ) { $args['items'] = 10; } $args['show_summary'] = isset( $args['show_summary'] ) ? (int) $args['show_summary'] : (int) $inputs['show_summary']; $args['show_author'] = isset( $args['show_author'] ) ? (int) $args['show_author'] : (int) $inputs['show_author']; $args['show_date'] = isset( $args['show_date'] ) ? (int) $args['show_date'] : (int) $inputs['show_date']; if ( ! empty( $args['error'] ) ) { echo '<p class="widget-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $args['error'] ) . '</p>'; } $esc_number = esc_attr( $args['number'] ); if ( $inputs['url'] ) : ?> <p><label for="rss-url-<?php echo $esc_number; ?>"><?php _e( 'Enter the RSS feed URL here:' ); ?></label> <input class="widefat" id="rss-url-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][url]" type="text" value="<?php echo esc_url( $args['url'] ); ?>" /></p> <?php endif; if ( $inputs['title'] ) : ?> <p><label for="rss-title-<?php echo $esc_number; ?>"><?php _e( 'Give the feed a title (optional):' ); ?></label> <input class="widefat" id="rss-title-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][title]" type="text" value="<?php echo esc_attr( $args['title'] ); ?>" /></p> <?php endif; if ( $inputs['items'] ) : ?> <p><label for="rss-items-<?php echo $esc_number; ?>"><?php _e( 'How many items would you like to display?' ); ?></label> <select id="rss-items-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][items]"> <?php for ( $i = 1; $i <= 20; ++$i ) { echo "<option value='$i' " . selected( $args['items'], $i, false ) . ">$i</option>"; } ?> </select></p> <?php endif; if ( $inputs['show_summary'] || $inputs['show_author'] || $inputs['show_date'] ) : ?> <p> <?php if ( $inputs['show_summary'] ) : ?> <input id="rss-show-summary-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_summary]" type="checkbox" value="1" <?php checked( $args['show_summary'] ); ?> /> <label for="rss-show-summary-<?php echo $esc_number; ?>"><?php _e( 'Display item content?' ); ?></label><br /> <?php endif; if ( $inputs['show_author'] ) : ?> <input id="rss-show-author-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_author]" type="checkbox" value="1" <?php checked( $args['show_author'] ); ?> /> <label for="rss-show-author-<?php echo $esc_number; ?>"><?php _e( 'Display item author if available?' ); ?></label><br /> <?php endif; if ( $inputs['show_date'] ) : ?> <input id="rss-show-date-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_date]" type="checkbox" value="1" <?php checked( $args['show_date'] ); ?> /> <label for="rss-show-date-<?php echo $esc_number; ?>"><?php _e( 'Display item date?' ); ?></label><br /> <?php endif; ?> </p> <?php endif; // End of display options. foreach ( array_keys( $default_inputs ) as $input ) : if ( 'hidden' === $inputs[ $input ] ) : $id = str_replace( '_', '-', $input ); ?> <input type="hidden" id="rss-<?php echo esc_attr( $id ); ?>-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][<?php echo esc_attr( $input ); ?>]" value="<?php echo esc_attr( $args[ $input ] ); ?>" /> <?php endif; endforeach; } /** * Processes RSS feed widget data and optionally retrieve feed items. * * The feed widget can not have more than 20 items or it will reset back to the * default, which is 10. * * The resulting array has the feed title, feed url, feed link (from channel), * feed items, error (if any), and whether to show summary, author, and date. * All respectively in the order of the array elements. * * @since 2.5.0 * * @param array $widget_rss RSS widget feed data. Expects unescaped data. * @param bool $check_feed Optional. Whether to check feed for errors. Default true. * @return array */ function wp_widget_rss_process( $widget_rss, $check_feed = true ) { $items = (int) $widget_rss['items']; if ( $items < 1 || 20 < $items ) { $items = 10; } $url = sanitize_url( strip_tags( $widget_rss['url'] ) ); $title = isset( $widget_rss['title'] ) ? trim( strip_tags( $widget_rss['title'] ) ) : ''; $show_summary = isset( $widget_rss['show_summary'] ) ? (int) $widget_rss['show_summary'] : 0; $show_author = isset( $widget_rss['show_author'] ) ? (int) $widget_rss['show_author'] : 0; $show_date = isset( $widget_rss['show_date'] ) ? (int) $widget_rss['show_date'] : 0; $error = false; $link = ''; if ( $check_feed ) { $rss = fetch_feed( $url ); if ( is_wp_error( $rss ) ) { $error = $rss->get_error_message(); } else { $link = esc_url( strip_tags( $rss->get_permalink() ) ); while ( stristr( $link, 'http' ) !== $link ) { $link = substr( $link, 1 ); } $rss->__destruct(); unset( $rss ); } } return compact( 'title', 'url', 'link', 'items', 'error', 'show_summary', 'show_author', 'show_date' ); } /** * Registers all of the default WordPress widgets on startup. * * Calls {@see 'widgets_init'} action after all of the WordPress widgets have been registered. * * @since 2.2.0 */ function wp_widgets_init() { if ( ! is_blog_installed() ) { return; } register_widget( 'WP_Widget_Pages' ); register_widget( 'WP_Widget_Calendar' ); register_widget( 'WP_Widget_Archives' ); if ( get_option( 'link_manager_enabled' ) ) { register_widget( 'WP_Widget_Links' ); } register_widget( 'WP_Widget_Media_Audio' ); register_widget( 'WP_Widget_Media_Image' ); register_widget( 'WP_Widget_Media_Gallery' ); register_widget( 'WP_Widget_Media_Video' ); register_widget( 'WP_Widget_Meta' ); register_widget( 'WP_Widget_Search' ); register_widget( 'WP_Widget_Text' ); register_widget( 'WP_Widget_Categories' ); register_widget( 'WP_Widget_Recent_Posts' ); register_widget( 'WP_Widget_Recent_Comments' ); register_widget( 'WP_Widget_RSS' ); register_widget( 'WP_Widget_Tag_Cloud' ); register_widget( 'WP_Nav_Menu_Widget' ); register_widget( 'WP_Widget_Custom_HTML' ); register_widget( 'WP_Widget_Block' ); /** * Fires after all default WordPress widgets have been registered. * * @since 2.2.0 */ do_action( 'widgets_init' ); } /** * Enables the widgets block editor. This is hooked into 'after_setup_theme' so * that the block editor is enabled by default but can be disabled by themes. * * @since 5.8.0 * * @access private */ function wp_setup_widgets_block_editor() { add_theme_support( 'widgets-block-editor' ); } /** * Determines whether or not to use the block editor to manage widgets. * Defaults to true unless a theme has removed support for widgets-block-editor * or a plugin has filtered the return value of this function. * * @since 5.8.0 * * @return bool Whether to use the block editor to manage widgets. */ function wp_use_widgets_block_editor() { /** * Filters whether to use the block editor to manage widgets. * * @since 5.8.0 * * @param bool $use_widgets_block_editor Whether to use the block editor to manage widgets. */ return apply_filters( 'use_widgets_block_editor', get_theme_support( 'widgets-block-editor' ) ); } /** * Converts a widget ID into its id_base and number components. * * @since 5.8.0 * * @param string $id Widget ID. * @return array Array containing a widget's id_base and number components. */ function wp_parse_widget_id( $id ) { $parsed = array(); if ( preg_match( '/^(.+)-(\d+)$/', $id, $matches ) ) { $parsed['id_base'] = $matches[1]; $parsed['number'] = (int) $matches[2]; } else { // Likely an old single widget. $parsed['id_base'] = $id; } return $parsed; } /** * Finds the sidebar that a given widget belongs to. * * @since 5.8.0 * * @param string $widget_id The widget ID to look for. * @return string|null The found sidebar's ID, or null if it was not found. */ function wp_find_widgets_sidebar( $widget_id ) { foreach ( wp_get_sidebars_widgets() as $sidebar_id => $widget_ids ) { foreach ( $widget_ids as $maybe_widget_id ) { if ( $maybe_widget_id === $widget_id ) { return (string) $sidebar_id; } } } return null; } /** * Assigns a widget to the given sidebar. * * @since 5.8.0 * * @param string $widget_id The widget ID to assign. * @param string $sidebar_id The sidebar ID to assign to. If empty, the widget won't be added to any sidebar. */ function wp_assign_widget_to_sidebar( $widget_id, $sidebar_id ) { $sidebars = wp_get_sidebars_widgets(); foreach ( $sidebars as $maybe_sidebar_id => $widgets ) { foreach ( $widgets as $i => $maybe_widget_id ) { if ( $widget_id === $maybe_widget_id && $sidebar_id !== $maybe_sidebar_id ) { unset( $sidebars[ $maybe_sidebar_id ][ $i ] ); // We could technically break 2 here, but continue looping in case the ID is duplicated. continue 2; } } } if ( $sidebar_id ) { $sidebars[ $sidebar_id ][] = $widget_id; } wp_set_sidebars_widgets( $sidebars ); } /** * Calls the render callback of a widget and returns the output. * * @since 5.8.0 * * @global array $wp_registered_widgets The registered widgets. * @global array $wp_registered_sidebars The registered sidebars. * * @param string $widget_id Widget ID. * @param string $sidebar_id Sidebar ID. * @return string */ function wp_render_widget( $widget_id, $sidebar_id ) { global $wp_registered_widgets, $wp_registered_sidebars; if ( ! isset( $wp_registered_widgets[ $widget_id ] ) ) { return ''; } if ( isset( $wp_registered_sidebars[ $sidebar_id ] ) ) { $sidebar = $wp_registered_sidebars[ $sidebar_id ]; } elseif ( 'wp_inactive_widgets' === $sidebar_id ) { $sidebar = array(); } else { return ''; } $params = array_merge( array( array_merge( $sidebar, array( 'widget_id' => $widget_id, 'widget_name' => $wp_registered_widgets[ $widget_id ]['name'], ) ), ), (array) $wp_registered_widgets[ $widget_id ]['params'] ); // Substitute HTML `id` and `class` attributes into `before_widget`. $classname_ = ''; foreach ( (array) $wp_registered_widgets[ $widget_id ]['classname'] as $cn ) { if ( is_string( $cn ) ) { $classname_ .= '_' . $cn; } elseif ( is_object( $cn ) ) { $classname_ .= '_' . get_class( $cn ); } } $classname_ = ltrim( $classname_, '_' ); $params[0]['before_widget'] = sprintf( $params[0]['before_widget'], $widget_id, $classname_ ); /** This filter is documented in wp-includes/widgets.php */ $params = apply_filters( 'dynamic_sidebar_params', $params ); $callback = $wp_registered_widgets[ $widget_id ]['callback']; ob_start(); /** This filter is documented in wp-includes/widgets.php */ do_action( 'dynamic_sidebar', $wp_registered_widgets[ $widget_id ] ); if ( is_callable( $callback ) ) { call_user_func_array( $callback, $params ); } return ob_get_clean(); } /** * Calls the control callback of a widget and returns the output. * * @since 5.8.0 * * @global array $wp_registered_widget_controls The registered widget controls. * * @param string $id Widget ID. * @return string|null */ function wp_render_widget_control( $id ) { global $wp_registered_widget_controls; if ( ! isset( $wp_registered_widget_controls[ $id ]['callback'] ) ) { return null; } $callback = $wp_registered_widget_controls[ $id ]['callback']; $params = $wp_registered_widget_controls[ $id ]['params']; ob_start(); if ( is_callable( $callback ) ) { call_user_func_array( $callback, $params ); } return ob_get_clean(); } /** * Displays a _doing_it_wrong() message for conflicting widget editor scripts. * * The 'wp-editor' script module is exposed as window.wp.editor. This overrides * the legacy TinyMCE editor module which is required by the widgets editor. * Because of that conflict, these two shouldn't be enqueued together. * See https://core.trac.wordpress.org/ticket/53569. * * There is also another conflict related to styles where the block widgets * editor is hidden if a block enqueues 'wp-edit-post' stylesheet. * See https://core.trac.wordpress.org/ticket/53569. * * @since 5.8.0 * @access private * * @global WP_Scripts $wp_scripts * @global WP_Styles $wp_styles */ function wp_check_widget_editor_deps() { global $wp_scripts, $wp_styles; if ( $wp_scripts->query( 'wp-edit-widgets', 'enqueued' ) || $wp_scripts->query( 'wp-customize-widgets', 'enqueued' ) ) { if ( $wp_scripts->query( 'wp-editor', 'enqueued' ) ) { _doing_it_wrong( 'wp_enqueue_script()', sprintf( /* translators: 1: 'wp-editor', 2: 'wp-edit-widgets', 3: 'wp-customize-widgets'. */ __( '"%1$s" script should not be enqueued together with the new widgets editor (%2$s or %3$s).' ), 'wp-editor', 'wp-edit-widgets', 'wp-customize-widgets' ), '5.8.0' ); } if ( $wp_styles->query( 'wp-edit-post', 'enqueued' ) ) { _doing_it_wrong( 'wp_enqueue_style()', sprintf( /* translators: 1: 'wp-edit-post', 2: 'wp-edit-widgets', 3: 'wp-customize-widgets'. */ __( '"%1$s" style should not be enqueued together with the new widgets editor (%2$s or %3$s).' ), 'wp-edit-post', 'wp-edit-widgets', 'wp-customize-widgets' ), '5.8.0' ); } } } /** * Registers the previous theme's sidebars for the block themes. * * @since 6.2.0 * @access private * * @global array $wp_registered_sidebars The registered sidebars. */ function _wp_block_theme_register_classic_sidebars() { global $wp_registered_sidebars; if ( ! wp_is_block_theme() ) { return; } $classic_sidebars = get_theme_mod( 'wp_classic_sidebars' ); if ( empty( $classic_sidebars ) ) { return; } // Don't use `register_sidebar` since it will enable the `widgets` support for a theme. foreach ( $classic_sidebars as $sidebar ) { $wp_registered_sidebars[ $sidebar['id'] ] = $sidebar; } } session.php 0000666 00000000402 15224716631 0006747 0 ustar 00 <?php /** * Session API * * @since 4.0.0 * @deprecated 4.7.0 */ _deprecated_file( basename( __FILE__ ), '4.7.0' ); require_once ABSPATH . WPINC . '/class-wp-session-tokens.php'; require_once ABSPATH . WPINC . '/class-wp-user-meta-session-tokens.php'; https-migration-20260622071915.php 0000666 00000011205 15224716631 0012010 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } editor.css 0000666 00000001637 15224716631 0006566 0 ustar 00 .block-library-html__edit .block-library-html__preview-overlay{ height:100%; left:0; position:absolute; top:0; width:100%; } .block-library-html__edit .block-editor-plain-text{ background:#fff !important; border:1px solid #1e1e1e !important; border-radius:2px !important; box-shadow:none !important; box-sizing:border-box; color:#1e1e1e !important; display:block; font-family:Menlo,Consolas,monaco,monospace !important; font-size:16px !important; max-height:250px; padding:12px !important; } @media (min-width:600px){ .block-library-html__edit .block-editor-plain-text{ font-size:13px !important; } } .block-library-html__edit .block-editor-plain-text:focus{ border-color:var(--wp-admin-theme-color) !important; box-shadow:0 0 0 1px var(--wp-admin-theme-color) !important; outline:2px solid #0000 !important; } .block-library-html__edit .block-editor-plain-text{ direction:ltr; } class-wp-customize-setting.php 0000666 00000072412 15224716631 0012522 0 ustar 00 <?php /** * WordPress Customize Setting classes * * @package WordPress * @subpackage Customize * @since 3.4.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } /** * Customize Setting class. * * Handles saving and sanitizing of settings. * * @since 3.4.0 * * @see WP_Customize_Manager * @link https://developer.wordpress.org/themes/customize-api */ #[AllowDynamicProperties] class WP_Customize_Setting { /** * Customizer bootstrap instance. * * @since 3.4.0 * @var WP_Customize_Manager */ public $manager; /** * Unique string identifier for the setting. * * @since 3.4.0 * @var string */ public $id; /** * Type of customize settings. * * @since 3.4.0 * @var string */ public $type = 'theme_mod'; /** * Capability required to edit this setting. * * @since 3.4.0 * @var string|array */ public $capability = 'edit_theme_options'; /** * Theme features required to support the setting. * * @since 3.4.0 * @var string|string[] */ public $theme_supports = ''; /** * The default value for the setting. * * @since 3.4.0 * @var string */ public $default = ''; /** * Options for rendering the live preview of changes in Customizer. * * Set this value to 'postMessage' to enable a custom JavaScript handler to render changes to this setting * as opposed to reloading the whole page. * * @since 3.4.0 * @var string */ public $transport = 'refresh'; /** * Server-side validation callback for the setting's value. * * @since 4.6.0 * @var callable */ public $validate_callback = ''; /** * Callback to filter a Customize setting value in un-slashed form. * * @since 3.4.0 * @var callable */ public $sanitize_callback = ''; /** * Callback to convert a Customize PHP setting value to a value that is JSON serializable. * * @since 3.4.0 * @var callable */ public $sanitize_js_callback = ''; /** * Whether or not the setting is initially dirty when created. * * This is used to ensure that a setting will be sent from the pane to the * preview when loading the Customizer. Normally a setting only is synced to * the preview if it has been changed. This allows the setting to be sent * from the start. * * @since 4.2.0 * @var bool */ public $dirty = false; /** * ID Data. * * @since 3.4.0 * @var array */ protected $id_data = array(); /** * Whether or not preview() was called. * * @since 4.4.0 * @var bool */ protected $is_previewed = false; /** * Cache of multidimensional values to improve performance. * * @since 4.4.0 * @var array */ protected static $aggregated_multidimensionals = array(); /** * Whether the multidimensional setting is aggregated. * * @since 4.4.0 * @var bool */ protected $is_multidimensional_aggregated = false; /** * Constructor. * * Any supplied $args override class property defaults. * * @since 3.4.0 * * @param WP_Customize_Manager $manager Customizer bootstrap instance. * @param string $id A specific ID of the setting. * Can be a theme mod or option name. * @param array $args { * Optional. Array of properties for the new Setting object. Default empty array. * * @type string $type Type of the setting. Default 'theme_mod'. * @type string $capability Capability required for the setting. Default 'edit_theme_options' * @type string|string[] $theme_supports Theme features required to support the panel. Default is none. * @type string $default Default value for the setting. Default is empty string. * @type string $transport Options for rendering the live preview of changes in Customizer. * Using 'refresh' makes the change visible by reloading the whole preview. * Using 'postMessage' allows a custom JavaScript to handle live changes. * Default is 'refresh'. * @type callable $validate_callback Server-side validation callback for the setting's value. * @type callable $sanitize_callback Callback to filter a Customize setting value in un-slashed form. * @type callable $sanitize_js_callback Callback to convert a Customize PHP setting value to a value that is * JSON serializable. * @type bool $dirty Whether or not the setting is initially dirty when created. * } */ public function __construct( $manager, $id, $args = array() ) { $keys = array_keys( get_object_vars( $this ) ); foreach ( $keys as $key ) { if ( isset( $args[ $key ] ) ) { $this->$key = $args[ $key ]; } } $this->manager = $manager; $this->id = $id; // Parse the ID for array keys. $this->id_data['keys'] = preg_split( '/\[/', str_replace( ']', '', $this->id ) ); $this->id_data['base'] = array_shift( $this->id_data['keys'] ); // Rebuild the ID. $this->id = $this->id_data['base']; if ( ! empty( $this->id_data['keys'] ) ) { $this->id .= '[' . implode( '][', $this->id_data['keys'] ) . ']'; } if ( $this->validate_callback ) { add_filter( "customize_validate_{$this->id}", $this->validate_callback, 10, 3 ); } if ( $this->sanitize_callback ) { add_filter( "customize_sanitize_{$this->id}", $this->sanitize_callback, 10, 2 ); } if ( $this->sanitize_js_callback ) { add_filter( "customize_sanitize_js_{$this->id}", $this->sanitize_js_callback, 10, 2 ); } if ( 'option' === $this->type || 'theme_mod' === $this->type ) { // Other setting types can opt-in to aggregate multidimensional explicitly. $this->aggregate_multidimensional(); // Allow option settings to indicate whether they should be autoloaded. if ( 'option' === $this->type && isset( $args['autoload'] ) ) { self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload'] = $args['autoload']; } } } /** * Get parsed ID data for multidimensional setting. * * @since 4.4.0 * * @return array { * ID data for multidimensional setting. * * @type string $base ID base * @type array $keys Keys for multidimensional array. * } */ final public function id_data() { return $this->id_data; } /** * Set up the setting for aggregated multidimensional values. * * When a multidimensional setting gets aggregated, all of its preview and update * calls get combined into one call, greatly improving performance. * * @since 4.4.0 */ protected function aggregate_multidimensional() { $id_base = $this->id_data['base']; if ( ! isset( self::$aggregated_multidimensionals[ $this->type ] ) ) { self::$aggregated_multidimensionals[ $this->type ] = array(); } if ( ! isset( self::$aggregated_multidimensionals[ $this->type ][ $id_base ] ) ) { self::$aggregated_multidimensionals[ $this->type ][ $id_base ] = array( 'previewed_instances' => array(), // Calling preview() will add the $setting to the array. 'preview_applied_instances' => array(), // Flags for which settings have had their values applied. 'root_value' => $this->get_root_value( array() ), // Root value for initial state, manipulated by preview and update calls. ); } if ( ! empty( $this->id_data['keys'] ) ) { // Note the preview-applied flag is cleared at priority 9 to ensure it is cleared before a deferred-preview runs. add_action( "customize_post_value_set_{$this->id}", array( $this, '_clear_aggregated_multidimensional_preview_applied_flag' ), 9 ); $this->is_multidimensional_aggregated = true; } } /** * Reset `$aggregated_multidimensionals` static variable. * * This is intended only for use by unit tests. * * @since 4.5.0 * @ignore */ public static function reset_aggregated_multidimensionals() { self::$aggregated_multidimensionals = array(); } /** * The ID for the current site when the preview() method was called. * * @since 4.2.0 * @var int */ protected $_previewed_blog_id; /** * Return true if the current site is not the same as the previewed site. * * @since 4.2.0 * * @return bool If preview() has been called. */ public function is_current_blog_previewed() { if ( ! isset( $this->_previewed_blog_id ) ) { return false; } return ( get_current_blog_id() === $this->_previewed_blog_id ); } /** * Original non-previewed value stored by the preview method. * * @see WP_Customize_Setting::preview() * @since 4.1.1 * @var mixed */ protected $_original_value; /** * Add filters to supply the setting's value when accessed. * * If the setting already has a pre-existing value and there is no incoming * post value for the setting, then this method will short-circuit since * there is no change to preview. * * @since 3.4.0 * @since 4.4.0 Added boolean return value. * * @return bool False when preview short-circuits due no change needing to be previewed. */ public function preview() { if ( ! isset( $this->_previewed_blog_id ) ) { $this->_previewed_blog_id = get_current_blog_id(); } // Prevent re-previewing an already-previewed setting. if ( $this->is_previewed ) { return true; } $id_base = $this->id_data['base']; $is_multidimensional = ! empty( $this->id_data['keys'] ); $multidimensional_filter = array( $this, '_multidimensional_preview_filter' ); /* * Check if the setting has a pre-existing value (an isset check), * and if doesn't have any incoming post value. If both checks are true, * then the preview short-circuits because there is nothing that needs * to be previewed. */ $undefined = new stdClass(); $needs_preview = ( $undefined !== $this->post_value( $undefined ) ); $value = null; // Since no post value was defined, check if we have an initial value set. if ( ! $needs_preview ) { if ( $this->is_multidimensional_aggregated ) { $root = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $value = $this->multidimensional_get( $root, $this->id_data['keys'], $undefined ); } else { $default = $this->default; $this->default = $undefined; // Temporarily set default to undefined so we can detect if existing value is set. $value = $this->value(); $this->default = $default; } $needs_preview = ( $undefined === $value ); // Because the default needs to be supplied. } // If the setting does not need previewing now, defer to when it has a value to preview. if ( ! $needs_preview ) { if ( ! has_action( "customize_post_value_set_{$this->id}", array( $this, 'preview' ) ) ) { add_action( "customize_post_value_set_{$this->id}", array( $this, 'preview' ) ); } return false; } switch ( $this->type ) { case 'theme_mod': if ( ! $is_multidimensional ) { add_filter( "theme_mod_{$id_base}", array( $this, '_preview_filter' ) ); } else { if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { // Only add this filter once for this ID base. add_filter( "theme_mod_{$id_base}", $multidimensional_filter ); } self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'][ $this->id ] = $this; } break; case 'option': if ( ! $is_multidimensional ) { add_filter( "pre_option_{$id_base}", array( $this, '_preview_filter' ) ); } else { if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { // Only add these filters once for this ID base. add_filter( "option_{$id_base}", $multidimensional_filter ); add_filter( "default_option_{$id_base}", $multidimensional_filter ); } self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'][ $this->id ] = $this; } break; default: /** * Fires when the WP_Customize_Setting::preview() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->id`, refers to the setting ID. * * @since 3.4.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_preview_{$this->id}", $this ); /** * Fires when the WP_Customize_Setting::preview() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->type`, refers to the setting type. * * @since 4.1.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_preview_{$this->type}", $this ); } $this->is_previewed = true; return true; } /** * Clear out the previewed-applied flag for a multidimensional-aggregated value whenever its post value is updated. * * This ensures that the new value will get sanitized and used the next time * that `WP_Customize_Setting::_multidimensional_preview_filter()` * is called for this setting. * * @since 4.4.0 * * @see WP_Customize_Manager::set_post_value() * @see WP_Customize_Setting::_multidimensional_preview_filter() */ final public function _clear_aggregated_multidimensional_preview_applied_flag() { unset( self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['preview_applied_instances'][ $this->id ] ); } /** * Callback function to filter non-multidimensional theme mods and options. * * If switch_to_blog() was called after the preview() method, and the current * site is now not the same site, then this method does a no-op and returns * the original value. * * @since 3.4.0 * * @param mixed $original Old value. * @return mixed New or old value. */ public function _preview_filter( $original ) { if ( ! $this->is_current_blog_previewed() ) { return $original; } $undefined = new stdClass(); // Symbol hack. $post_value = $this->post_value( $undefined ); if ( $undefined !== $post_value ) { $value = $post_value; } else { /* * Note that we don't use $original here because preview() will * not add the filter in the first place if it has an initial value * and there is no post value. */ $value = $this->default; } return $value; } /** * Callback function to filter multidimensional theme mods and options. * * For all multidimensional settings of a given type, the preview filter for * the first setting previewed will be used to apply the values for the others. * * @since 4.4.0 * * @see WP_Customize_Setting::$aggregated_multidimensionals * @param mixed $original Original root value. * @return mixed New or old value. */ final public function _multidimensional_preview_filter( $original ) { if ( ! $this->is_current_blog_previewed() ) { return $original; } $id_base = $this->id_data['base']; // If no settings have been previewed yet (which should not be the case, since $this is), just pass through the original value. if ( empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] ) ) { return $original; } foreach ( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['previewed_instances'] as $previewed_setting ) { // Skip applying previewed value for any settings that have already been applied. if ( ! empty( self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['preview_applied_instances'][ $previewed_setting->id ] ) ) { continue; } // Do the replacements of the posted/default sub value into the root value. $value = $previewed_setting->post_value( $previewed_setting->default ); $root = self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['root_value']; $root = $previewed_setting->multidimensional_replace( $root, $previewed_setting->id_data['keys'], $value ); self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['root_value'] = $root; // Mark this setting having been applied so that it will be skipped when the filter is called again. self::$aggregated_multidimensionals[ $previewed_setting->type ][ $id_base ]['preview_applied_instances'][ $previewed_setting->id ] = true; } return self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; } /** * Checks user capabilities and theme supports, and then saves * the value of the setting. * * @since 3.4.0 * * @return void|false Void on success, false if cap check fails * or value isn't set or is invalid. */ final public function save() { $value = $this->post_value(); if ( ! $this->check_capabilities() || ! isset( $value ) ) { return false; } $id_base = $this->id_data['base']; /** * Fires when the WP_Customize_Setting::save() method is called. * * The dynamic portion of the hook name, `$id_base` refers to * the base slug of the setting name. * * @since 3.4.0 * * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_save_{$id_base}", $this ); $this->update( $value ); } /** * Fetch and sanitize the $_POST value for the setting. * * During a save request prior to save, post_value() provides the new value while value() does not. * * @since 3.4.0 * * @param mixed $default_value A default value which is used as a fallback. Default null. * @return mixed The default value on failure, otherwise the sanitized and validated value. */ final public function post_value( $default_value = null ) { return $this->manager->post_value( $this, $default_value ); } /** * Sanitize an input. * * @since 3.4.0 * * @param string|array $value The value to sanitize. * @return string|array|null|WP_Error Sanitized value, or `null`/`WP_Error` if invalid. */ public function sanitize( $value ) { /** * Filters a Customize setting value in un-slashed form. * * @since 3.4.0 * * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ return apply_filters( "customize_sanitize_{$this->id}", $value, $this ); } /** * Validates an input. * * @since 4.6.0 * * @see WP_REST_Request::has_valid_params() * * @param mixed $value Value to validate. * @return true|WP_Error True if the input was validated, otherwise WP_Error. */ public function validate( $value ) { if ( is_wp_error( $value ) ) { return $value; } if ( is_null( $value ) ) { return new WP_Error( 'invalid_value', __( 'Invalid value.' ) ); } $validity = new WP_Error(); /** * Validates a Customize setting value. * * Plugins should amend the `$validity` object via its `WP_Error::add()` method. * * The dynamic portion of the hook name, `$this->ID`, refers to the setting ID. * * @since 4.6.0 * * @param WP_Error $validity Filtered from `true` to `WP_Error` when invalid. * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ $validity = apply_filters( "customize_validate_{$this->id}", $validity, $value, $this ); if ( is_wp_error( $validity ) && ! $validity->has_errors() ) { $validity = true; } return $validity; } /** * Get the root value for a setting, especially for multidimensional ones. * * @since 4.4.0 * * @param mixed $default_value Value to return if root does not exist. * @return mixed */ protected function get_root_value( $default_value = null ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type ) { return get_option( $id_base, $default_value ); } elseif ( 'theme_mod' === $this->type ) { return get_theme_mod( $id_base, $default_value ); } else { /* * Any WP_Customize_Setting subclass implementing aggregate multidimensional * will need to override this method to obtain the data from the appropriate * location. */ return $default_value; } } /** * Set the root value for a setting, especially for multidimensional ones. * * @since 4.4.0 * * @param mixed $value Value to set as root of multidimensional setting. * @return bool Whether the multidimensional root was updated successfully. */ protected function set_root_value( $value ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type ) { $autoload = true; if ( isset( self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload'] ) ) { $autoload = self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload']; } return update_option( $id_base, $value, $autoload ); } elseif ( 'theme_mod' === $this->type ) { set_theme_mod( $id_base, $value ); return true; } else { /* * Any WP_Customize_Setting subclass implementing aggregate multidimensional * will need to override this method to obtain the data from the appropriate * location. */ return false; } } /** * Save the value of the setting, using the related API. * * @since 3.4.0 * * @param mixed $value The value to update. * @return bool The result of saving the value. */ protected function update( $value ) { $id_base = $this->id_data['base']; if ( 'option' === $this->type || 'theme_mod' === $this->type ) { if ( ! $this->is_multidimensional_aggregated ) { return $this->set_root_value( $value ); } else { $root = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $root = $this->multidimensional_replace( $root, $this->id_data['keys'], $value ); self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value'] = $root; return $this->set_root_value( $root ); } } else { /** * Fires when the WP_Customize_Setting::update() method is called for settings * not handled as theme_mods or options. * * The dynamic portion of the hook name, `$this->type`, refers to the type of setting. * * @since 3.4.0 * * @param mixed $value Value of the setting. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ do_action( "customize_update_{$this->type}", $value, $this ); return has_action( "customize_update_{$this->type}" ); } } /** * Deprecated method. * * @since 3.4.0 * @deprecated 4.4.0 Deprecated in favor of update() method. */ protected function _update_theme_mod() { _deprecated_function( __METHOD__, '4.4.0', __CLASS__ . '::update()' ); } /** * Deprecated method. * * @since 3.4.0 * @deprecated 4.4.0 Deprecated in favor of update() method. */ protected function _update_option() { _deprecated_function( __METHOD__, '4.4.0', __CLASS__ . '::update()' ); } /** * Fetch the value of the setting. * * @since 3.4.0 * * @return mixed The value. */ public function value() { $id_base = $this->id_data['base']; $is_core_type = ( 'option' === $this->type || 'theme_mod' === $this->type ); if ( ! $is_core_type && ! $this->is_multidimensional_aggregated ) { // Use post value if previewed and a post value is present. if ( $this->is_previewed ) { $value = $this->post_value( null ); if ( null !== $value ) { return $value; } } $value = $this->get_root_value( $this->default ); /** * Filters a Customize setting value not handled as a theme_mod or option. * * The dynamic portion of the hook name, `$id_base`, refers to * the base slug of the setting name, initialized from `$this->id_data['base']`. * * For settings handled as theme_mods or options, see those corresponding * functions for available hooks. * * @since 3.4.0 * @since 4.6.0 Added the `$this` setting instance as the second parameter. * * @param mixed $default_value The setting default value. Default empty. * @param WP_Customize_Setting $setting The setting instance. */ $value = apply_filters( "customize_value_{$id_base}", $value, $this ); } elseif ( $this->is_multidimensional_aggregated ) { $root_value = self::$aggregated_multidimensionals[ $this->type ][ $id_base ]['root_value']; $value = $this->multidimensional_get( $root_value, $this->id_data['keys'], $this->default ); // Ensure that the post value is used if the setting is previewed, since preview filters aren't applying on cached $root_value. if ( $this->is_previewed ) { $value = $this->post_value( $value ); } } else { $value = $this->get_root_value( $this->default ); } return $value; } /** * Sanitize the setting's value for use in JavaScript. * * @since 3.4.0 * * @return mixed The requested escaped value. */ public function js_value() { /** * Filters a Customize setting value for use in JavaScript. * * The dynamic portion of the hook name, `$this->id`, refers to the setting ID. * * @since 3.4.0 * * @param mixed $value The setting value. * @param WP_Customize_Setting $setting WP_Customize_Setting instance. */ $value = apply_filters( "customize_sanitize_js_{$this->id}", $this->value(), $this ); if ( is_string( $value ) ) { return html_entity_decode( $value, ENT_QUOTES, 'UTF-8' ); } return $value; } /** * Retrieves the data to export to the client via JSON. * * @since 4.6.0 * * @return array Array of parameters passed to JavaScript. */ public function json() { return array( 'value' => $this->js_value(), 'transport' => $this->transport, 'dirty' => $this->dirty, 'type' => $this->type, ); } /** * Validate user capabilities whether the theme supports the setting. * * @since 3.4.0 * * @return bool False if theme doesn't support the setting or user can't change setting, otherwise true. */ final public function check_capabilities() { if ( $this->capability && ! current_user_can( $this->capability ) ) { return false; } if ( $this->theme_supports && ! current_theme_supports( ...(array) $this->theme_supports ) ) { return false; } return true; } /** * Multidimensional helper function. * * @since 3.4.0 * * @param array $root * @param array $keys * @param bool $create Default false. * @return array|void Keys are 'root', 'node', and 'key'. */ final protected function multidimensional( &$root, $keys, $create = false ) { if ( $create && empty( $root ) ) { $root = array(); } if ( ! isset( $root ) || empty( $keys ) ) { return; } $last = array_pop( $keys ); $node = &$root; foreach ( $keys as $key ) { if ( $create && ! isset( $node[ $key ] ) ) { $node[ $key ] = array(); } if ( ! is_array( $node ) || ! isset( $node[ $key ] ) ) { return; } $node = &$node[ $key ]; } if ( $create ) { if ( ! is_array( $node ) ) { // Account for an array overriding a string or object value. $node = array(); } if ( ! isset( $node[ $last ] ) ) { $node[ $last ] = array(); } } if ( ! isset( $node[ $last ] ) ) { return; } return array( 'root' => &$root, 'node' => &$node, 'key' => $last, ); } /** * Will attempt to replace a specific value in a multidimensional array. * * @since 3.4.0 * * @param array $root * @param array $keys * @param mixed $value The value to update. * @return mixed */ final protected function multidimensional_replace( $root, $keys, $value ) { if ( ! isset( $value ) ) { return $root; } elseif ( empty( $keys ) ) { // If there are no keys, we're replacing the root. return $value; } $result = $this->multidimensional( $root, $keys, true ); if ( isset( $result ) ) { $result['node'][ $result['key'] ] = $value; } return $root; } /** * Will attempt to fetch a specific value from a multidimensional array. * * @since 3.4.0 * * @param array $root * @param array $keys * @param mixed $default_value A default value which is used as a fallback. Default null. * @return mixed The requested value or the default value. */ final protected function multidimensional_get( $root, $keys, $default_value = null ) { if ( empty( $keys ) ) { // If there are no keys, test the root. return isset( $root ) ? $root : $default_value; } $result = $this->multidimensional( $root, $keys ); return isset( $result ) ? $result['node'][ $result['key'] ] : $default_value; } /** * Will attempt to check if a specific value in a multidimensional array is set. * * @since 3.4.0 * * @param array $root * @param array $keys * @return bool True if value is set, false if not. */ final protected function multidimensional_isset( $root, $keys ) { $result = $this->multidimensional_get( $root, $keys ); return isset( $result ); } } /** * WP_Customize_Filter_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-filter-setting.php'; /** * WP_Customize_Header_Image_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-header-image-setting.php'; /** * WP_Customize_Background_Image_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-image-setting.php'; /** * WP_Customize_Nav_Menu_Item_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-setting.php'; /** * WP_Customize_Nav_Menu_Setting class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-setting.php'; https-detection-20260606092326.php 0000666 00000013341 15224716631 0012001 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260608081111.php 0000666 00000013341 15224716631 0011771 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605100735.php 0000666 00000013341 15224716631 0011772 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605141018.php 0000666 00000013341 15224716631 0011771 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-term-query.php 0000666 00000117771 15224716631 0011147 0 ustar 00 <?php /** * Taxonomy API: WP_Term_Query class. * * @package WordPress * @subpackage Taxonomy * @since 4.6.0 */ /** * Class used for querying terms. * * @since 4.6.0 * * @see WP_Term_Query::__construct() for accepted arguments. */ #[AllowDynamicProperties] class WP_Term_Query { /** * SQL string used to perform database query. * * @since 4.6.0 * @var string */ public $request; /** * Metadata query container. * * @since 4.6.0 * @var WP_Meta_Query A meta query instance. */ public $meta_query = false; /** * Metadata query clauses. * * @since 4.6.0 * @var array */ protected $meta_query_clauses; /** * SQL query clauses. * * @since 4.6.0 * @var array */ protected $sql_clauses = array( 'select' => '', 'from' => '', 'where' => array(), 'orderby' => '', 'limits' => '', ); /** * Query vars set by the user. * * @since 4.6.0 * @var array */ public $query_vars; /** * Default values for query vars. * * @since 4.6.0 * @var array */ public $query_var_defaults; /** * List of terms located by the query. * * @since 4.6.0 * @var array */ public $terms; /** * Constructor. * * Sets up the term query, based on the query vars passed. * * @since 4.6.0 * @since 4.6.0 Introduced 'term_taxonomy_id' parameter. * @since 4.7.0 Introduced 'object_ids' parameter. * @since 4.9.0 Added 'slug__in' support for 'orderby'. * @since 5.1.0 Introduced the 'meta_compare_key' parameter. * @since 5.3.0 Introduced the 'meta_type_key' parameter. * @since 6.4.0 Introduced the 'cache_results' parameter. * * @param string|array $query { * Optional. Array or query string of term query parameters. Default empty. * * @type string|string[] $taxonomy Taxonomy name, or array of taxonomy names, to which results * should be limited. * @type int|int[] $object_ids Object ID, or array of object IDs. Results will be * limited to terms associated with these objects. * @type string $orderby Field(s) to order terms by. Accepts: * - Term fields ('name', 'slug', 'term_group', 'term_id', 'id', * 'description', 'parent', 'term_order'). Unless `$object_ids` * is not empty, 'term_order' is treated the same as 'term_id'. * - 'count' to use the number of objects associated with the term. * - 'include' to match the 'order' of the `$include` param. * - 'slug__in' to match the 'order' of the `$slug` param. * - 'meta_value' * - 'meta_value_num'. * - The value of `$meta_key`. * - The array keys of `$meta_query`. * - 'none' to omit the ORDER BY clause. * Default 'name'. * @type string $order Whether to order terms in ascending or descending order. * Accepts 'ASC' (ascending) or 'DESC' (descending). * Default 'ASC'. * @type bool|int $hide_empty Whether to hide terms not assigned to any posts. Accepts * 1|true or 0|false. Default 1|true. * @type int[]|string $include Array or comma/space-separated string of term IDs to include. * Default empty array. * @type int[]|string $exclude Array or comma/space-separated string of term IDs to exclude. * If `$include` is non-empty, `$exclude` is ignored. * Default empty array. * @type int[]|string $exclude_tree Array or comma/space-separated string of term IDs to exclude * along with all of their descendant terms. If `$include` is * non-empty, `$exclude_tree` is ignored. Default empty array. * @type int|string $number Maximum number of terms to return. Accepts ''|0 (all) or any * positive number. Default ''|0 (all). Note that `$number` may * not return accurate results when coupled with `$object_ids`. * See #41796 for details. * @type int $offset The number by which to offset the terms query. Default empty. * @type string $fields Term fields to query for. Accepts: * - 'all' Returns an array of complete term objects (`WP_Term[]`). * - 'all_with_object_id' Returns an array of term objects * with the 'object_id' param (`WP_Term[]`). Works only * when the `$object_ids` parameter is populated. * - 'ids' Returns an array of term IDs (`int[]`). * - 'tt_ids' Returns an array of term taxonomy IDs (`int[]`). * - 'names' Returns an array of term names (`string[]`). * - 'slugs' Returns an array of term slugs (`string[]`). * - 'count' Returns the number of matching terms (`int`). * - 'id=>parent' Returns an associative array of parent term IDs, * keyed by term ID (`int[]`). * - 'id=>name' Returns an associative array of term names, * keyed by term ID (`string[]`). * - 'id=>slug' Returns an associative array of term slugs, * keyed by term ID (`string[]`). * Default 'all'. * @type string|string[] $name Name or array of names to return term(s) for. * Default empty. * @type string|string[] $slug Slug or array of slugs to return term(s) for. * Default empty. * @type int|int[] $term_taxonomy_id Term taxonomy ID, or array of term taxonomy IDs, * to match when querying terms. * @type bool $hierarchical Whether to include terms that have non-empty descendants * (even if `$hide_empty` is set to true). Default true. * @type string $search Search criteria to match terms. Will be SQL-formatted with * wildcards before and after. Default empty. * @type string $name__like Retrieve terms with criteria by which a term is LIKE * `$name__like`. Default empty. * @type string $description__like Retrieve terms where the description is LIKE * `$description__like`. Default empty. * @type bool $pad_counts Whether to pad the quantity of a term's children in the * quantity of each term's "count" object variable. * Default false. * @type string $get Whether to return terms regardless of ancestry or whether the * terms are empty. Accepts 'all' or '' (disabled). * Default ''. * @type int $child_of Term ID to retrieve child terms of. If multiple taxonomies * are passed, `$child_of` is ignored. Default 0. * @type int $parent Parent term ID to retrieve direct-child terms of. * Default empty. * @type bool $childless True to limit results to terms that have no children. * This parameter has no effect on non-hierarchical taxonomies. * Default false. * @type string $cache_domain Unique cache key to be produced when this query is stored in * an object cache. Default 'core'. * @type bool $cache_results Whether to cache term information. Default true. * @type bool $update_term_meta_cache Whether to prime meta caches for matched terms. Default true. * @type string|string[] $meta_key Meta key or keys to filter by. * @type string|string[] $meta_value Meta value or values to filter by. * @type string $meta_compare MySQL operator used for comparing the meta value. * See WP_Meta_Query::__construct() for accepted values and default value. * @type string $meta_compare_key MySQL operator used for comparing the meta key. * See WP_Meta_Query::__construct() for accepted values and default value. * @type string $meta_type MySQL data type that the meta_value column will be CAST to for comparisons. * See WP_Meta_Query::__construct() for accepted values and default value. * @type string $meta_type_key MySQL data type that the meta_key column will be CAST to for comparisons. * See WP_Meta_Query::__construct() for accepted values and default value. * @type array $meta_query An associative array of WP_Meta_Query arguments. * See WP_Meta_Query::__construct() for accepted values. * } */ public function __construct( $query = '' ) { $this->query_var_defaults = array( 'taxonomy' => null, 'object_ids' => null, 'orderby' => 'name', 'order' => 'ASC', 'hide_empty' => true, 'include' => array(), 'exclude' => array(), 'exclude_tree' => array(), 'number' => '', 'offset' => '', 'fields' => 'all', 'name' => '', 'slug' => '', 'term_taxonomy_id' => '', 'hierarchical' => true, 'search' => '', 'name__like' => '', 'description__like' => '', 'pad_counts' => false, 'get' => '', 'child_of' => 0, 'parent' => '', 'childless' => false, 'cache_domain' => 'core', 'cache_results' => true, 'update_term_meta_cache' => true, 'meta_query' => '', 'meta_key' => '', 'meta_value' => '', 'meta_type' => '', 'meta_compare' => '', ); if ( ! empty( $query ) ) { $this->query( $query ); } } /** * Parse arguments passed to the term query with default query parameters. * * @since 4.6.0 * * @param string|array $query WP_Term_Query arguments. See WP_Term_Query::__construct() for accepted arguments. */ public function parse_query( $query = '' ) { if ( empty( $query ) ) { $query = $this->query_vars; } $taxonomies = isset( $query['taxonomy'] ) ? (array) $query['taxonomy'] : null; /** * Filters the terms query default arguments. * * Use {@see 'get_terms_args'} to filter the passed arguments. * * @since 4.4.0 * * @param array $defaults An array of default get_terms() arguments. * @param string[] $taxonomies An array of taxonomy names. */ $this->query_var_defaults = apply_filters( 'get_terms_defaults', $this->query_var_defaults, $taxonomies ); $query = wp_parse_args( $query, $this->query_var_defaults ); $query['number'] = absint( $query['number'] ); $query['offset'] = absint( $query['offset'] ); // 'parent' overrides 'child_of'. if ( 0 < (int) $query['parent'] ) { $query['child_of'] = false; } if ( 'all' === $query['get'] ) { $query['childless'] = false; $query['child_of'] = 0; $query['hide_empty'] = 0; $query['hierarchical'] = false; $query['pad_counts'] = false; } $query['taxonomy'] = $taxonomies; $this->query_vars = $query; /** * Fires after term query vars have been parsed. * * @since 4.6.0 * * @param WP_Term_Query $query Current instance of WP_Term_Query. */ do_action( 'parse_term_query', $this ); } /** * Sets up the query and retrieves the results. * * The return type varies depending on the value passed to `$args['fields']`. See * WP_Term_Query::get_terms() for details. * * @since 4.6.0 * * @param string|array $query Array or URL query string of parameters. * @return WP_Term[]|int[]|string[]|string Array of terms, or number of terms as numeric string * when 'count' is passed to `$args['fields']`. */ public function query( $query ) { $this->query_vars = wp_parse_args( $query ); return $this->get_terms(); } /** * Retrieves the query results. * * The return type varies depending on the value passed to `$args['fields']`. * * The following will result in an array of `WP_Term` objects being returned: * * - 'all' * - 'all_with_object_id' * * The following will result in a numeric string being returned: * * - 'count' * * The following will result in an array of text strings being returned: * * - 'id=>name' * - 'id=>slug' * - 'names' * - 'slugs' * * The following will result in an array of numeric strings being returned: * * - 'id=>parent' * * The following will result in an array of integers being returned: * * - 'ids' * - 'tt_ids' * * @since 4.6.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @return WP_Term[]|int[]|string[]|string Array of terms, or number of terms as numeric string * when 'count' is passed to `$args['fields']`. */ public function get_terms() { global $wpdb; $this->parse_query( $this->query_vars ); $args = &$this->query_vars; // Set up meta_query so it's available to 'pre_get_terms'. $this->meta_query = new WP_Meta_Query(); $this->meta_query->parse_query_vars( $args ); /** * Fires before terms are retrieved. * * @since 4.6.0 * * @param WP_Term_Query $query Current instance of WP_Term_Query (passed by reference). */ do_action_ref_array( 'pre_get_terms', array( &$this ) ); $taxonomies = (array) $args['taxonomy']; // Save queries by not crawling the tree in the case of multiple taxes or a flat tax. $has_hierarchical_tax = false; if ( $taxonomies ) { foreach ( $taxonomies as $_tax ) { if ( is_taxonomy_hierarchical( $_tax ) ) { $has_hierarchical_tax = true; } } } else { // When no taxonomies are provided, assume we have to descend the tree. $has_hierarchical_tax = true; } if ( ! $has_hierarchical_tax ) { $args['hierarchical'] = false; $args['pad_counts'] = false; } // 'parent' overrides 'child_of'. if ( 0 < (int) $args['parent'] ) { $args['child_of'] = false; } if ( 'all' === $args['get'] ) { $args['childless'] = false; $args['child_of'] = 0; $args['hide_empty'] = 0; $args['hierarchical'] = false; $args['pad_counts'] = false; } /** * Filters the terms query arguments. * * @since 3.1.0 * * @param array $args An array of get_terms() arguments. * @param string[] $taxonomies An array of taxonomy names. */ $args = apply_filters( 'get_terms_args', $args, $taxonomies ); // Avoid the query if the queried parent/child_of term has no descendants. $child_of = $args['child_of']; $parent = $args['parent']; if ( $child_of ) { $_parent = $child_of; } elseif ( $parent ) { $_parent = $parent; } else { $_parent = false; } if ( $_parent ) { $in_hierarchy = false; foreach ( $taxonomies as $_tax ) { $hierarchy = _get_term_hierarchy( $_tax ); if ( isset( $hierarchy[ $_parent ] ) ) { $in_hierarchy = true; } } if ( ! $in_hierarchy ) { if ( 'count' === $args['fields'] ) { return 0; } else { $this->terms = array(); return $this->terms; } } } // 'term_order' is a legal sort order only when joining the relationship table. $_orderby = $this->query_vars['orderby']; if ( 'term_order' === $_orderby && empty( $this->query_vars['object_ids'] ) ) { $_orderby = 'term_id'; } $orderby = $this->parse_orderby( $_orderby ); if ( $orderby ) { $orderby = "ORDER BY $orderby"; } $order = $this->parse_order( $this->query_vars['order'] ); if ( $taxonomies ) { $this->sql_clauses['where']['taxonomy'] = "tt.taxonomy IN ('" . implode( "', '", array_map( 'esc_sql', $taxonomies ) ) . "')"; } if ( empty( $args['exclude'] ) ) { $args['exclude'] = array(); } if ( empty( $args['include'] ) ) { $args['include'] = array(); } $exclude = $args['exclude']; $exclude_tree = $args['exclude_tree']; $include = $args['include']; if ( ! empty( $include ) ) { $exclude = ''; $exclude_tree = ''; $inclusions = implode( ',', wp_parse_id_list( $include ) ); $this->sql_clauses['where']['inclusions'] = 't.term_id IN ( ' . $inclusions . ' )'; } $exclusions = array(); if ( ! empty( $exclude_tree ) ) { $exclude_tree = wp_parse_id_list( $exclude_tree ); $excluded_children = $exclude_tree; foreach ( $exclude_tree as $extrunk ) { $excluded_children = array_merge( $excluded_children, (array) get_terms( array( 'taxonomy' => reset( $taxonomies ), 'child_of' => (int) $extrunk, 'fields' => 'ids', 'hide_empty' => 0, ) ) ); } $exclusions = array_merge( $excluded_children, $exclusions ); } if ( ! empty( $exclude ) ) { $exclusions = array_merge( wp_parse_id_list( $exclude ), $exclusions ); } // 'childless' terms are those without an entry in the flattened term hierarchy. $childless = (bool) $args['childless']; if ( $childless ) { foreach ( $taxonomies as $_tax ) { $term_hierarchy = _get_term_hierarchy( $_tax ); $exclusions = array_merge( array_keys( $term_hierarchy ), $exclusions ); } } if ( ! empty( $exclusions ) ) { $exclusions = 't.term_id NOT IN (' . implode( ',', array_map( 'intval', $exclusions ) ) . ')'; } else { $exclusions = ''; } /** * Filters the terms to exclude from the terms query. * * @since 2.3.0 * * @param string $exclusions `NOT IN` clause of the terms query. * @param array $args An array of terms query arguments. * @param string[] $taxonomies An array of taxonomy names. */ $exclusions = apply_filters( 'list_terms_exclusions', $exclusions, $args, $taxonomies ); if ( ! empty( $exclusions ) ) { // Strip leading 'AND'. Must do string manipulation here for backward compatibility with filter. $this->sql_clauses['where']['exclusions'] = preg_replace( '/^\s*AND\s*/', '', $exclusions ); } if ( '' === $args['name'] ) { $args['name'] = array(); } else { $args['name'] = (array) $args['name']; } if ( ! empty( $args['name'] ) ) { $names = $args['name']; foreach ( $names as &$_name ) { // `sanitize_term_field()` returns slashed data. $_name = stripslashes( sanitize_term_field( 'name', $_name, 0, reset( $taxonomies ), 'db' ) ); } $this->sql_clauses['where']['name'] = "t.name IN ('" . implode( "', '", array_map( 'esc_sql', $names ) ) . "')"; } if ( '' === $args['slug'] ) { $args['slug'] = array(); } else { $args['slug'] = array_map( 'sanitize_title', (array) $args['slug'] ); } if ( ! empty( $args['slug'] ) ) { $slug = implode( "', '", $args['slug'] ); $this->sql_clauses['where']['slug'] = "t.slug IN ('" . $slug . "')"; } if ( '' === $args['term_taxonomy_id'] ) { $args['term_taxonomy_id'] = array(); } else { $args['term_taxonomy_id'] = array_map( 'intval', (array) $args['term_taxonomy_id'] ); } if ( ! empty( $args['term_taxonomy_id'] ) ) { $tt_ids = implode( ',', $args['term_taxonomy_id'] ); $this->sql_clauses['where']['term_taxonomy_id'] = "tt.term_taxonomy_id IN ({$tt_ids})"; } if ( ! empty( $args['name__like'] ) ) { $this->sql_clauses['where']['name__like'] = $wpdb->prepare( 't.name LIKE %s', '%' . $wpdb->esc_like( $args['name__like'] ) . '%' ); } if ( ! empty( $args['description__like'] ) ) { $this->sql_clauses['where']['description__like'] = $wpdb->prepare( 'tt.description LIKE %s', '%' . $wpdb->esc_like( $args['description__like'] ) . '%' ); } if ( '' === $args['object_ids'] ) { $args['object_ids'] = array(); } else { $args['object_ids'] = array_map( 'intval', (array) $args['object_ids'] ); } if ( ! empty( $args['object_ids'] ) ) { $object_ids = implode( ', ', $args['object_ids'] ); $this->sql_clauses['where']['object_ids'] = "tr.object_id IN ($object_ids)"; } /* * When querying for object relationships, the 'count > 0' check * added by 'hide_empty' is superfluous. */ if ( ! empty( $args['object_ids'] ) ) { $args['hide_empty'] = false; } if ( '' !== $parent ) { $parent = (int) $parent; $this->sql_clauses['where']['parent'] = "tt.parent = '$parent'"; } $hierarchical = $args['hierarchical']; if ( 'count' === $args['fields'] ) { $hierarchical = false; } if ( $args['hide_empty'] && ! $hierarchical ) { $this->sql_clauses['where']['count'] = 'tt.count > 0'; } $number = $args['number']; $offset = $args['offset']; // Don't limit the query results when we have to descend the family tree. if ( $number && ! $hierarchical && ! $child_of && '' === $parent ) { if ( $offset ) { $limits = 'LIMIT ' . $offset . ',' . $number; } else { $limits = 'LIMIT ' . $number; } } else { $limits = ''; } if ( ! empty( $args['search'] ) ) { $this->sql_clauses['where']['search'] = $this->get_search_sql( $args['search'] ); } // Meta query support. $join = ''; $distinct = ''; // Reparse meta_query query_vars, in case they were modified in a 'pre_get_terms' callback. $this->meta_query->parse_query_vars( $this->query_vars ); $mq_sql = $this->meta_query->get_sql( 'term', 't', 'term_id' ); $meta_clauses = $this->meta_query->get_clauses(); if ( ! empty( $meta_clauses ) ) { $join .= $mq_sql['join']; // Strip leading 'AND'. $this->sql_clauses['where']['meta_query'] = preg_replace( '/^\s*AND\s*/', '', $mq_sql['where'] ); $distinct .= 'DISTINCT'; } $selects = array(); switch ( $args['fields'] ) { case 'count': $orderby = ''; $order = ''; $selects = array( 'COUNT(*)' ); break; default: $selects = array( 't.term_id' ); if ( 'all_with_object_id' === $args['fields'] && ! empty( $args['object_ids'] ) ) { $selects[] = 'tr.object_id'; } break; } $_fields = $args['fields']; /** * Filters the fields to select in the terms query. * * Field lists modified using this filter will only modify the term fields returned * by the function when the `$fields` parameter set to 'count' or 'all'. In all other * cases, the term fields in the results array will be determined by the `$fields` * parameter alone. * * Use of this filter can result in unpredictable behavior, and is not recommended. * * @since 2.8.0 * * @param string[] $selects An array of fields to select for the terms query. * @param array $args An array of term query arguments. * @param string[] $taxonomies An array of taxonomy names. */ $fields = implode( ', ', apply_filters( 'get_terms_fields', $selects, $args, $taxonomies ) ); $join .= " INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id"; if ( ! empty( $this->query_vars['object_ids'] ) ) { $join .= " INNER JOIN {$wpdb->term_relationships} AS tr ON tr.term_taxonomy_id = tt.term_taxonomy_id"; $distinct = 'DISTINCT'; } $where = implode( ' AND ', $this->sql_clauses['where'] ); $pieces = array( 'fields', 'join', 'where', 'distinct', 'orderby', 'order', 'limits' ); /** * Filters the terms query SQL clauses. * * @since 3.1.0 * * @param string[] $clauses { * Associative array of the clauses for the query. * * @type string $fields The SELECT clause of the query. * @type string $join The JOIN clause of the query. * @type string $where The WHERE clause of the query. * @type string $distinct The DISTINCT clause of the query. * @type string $orderby The ORDER BY clause of the query. * @type string $order The ORDER clause of the query. * @type string $limits The LIMIT clause of the query. * } * @param string[] $taxonomies An array of taxonomy names. * @param array $args An array of term query arguments. */ $clauses = apply_filters( 'terms_clauses', compact( $pieces ), $taxonomies, $args ); $fields = isset( $clauses['fields'] ) ? $clauses['fields'] : ''; $join = isset( $clauses['join'] ) ? $clauses['join'] : ''; $where = isset( $clauses['where'] ) ? $clauses['where'] : ''; $distinct = isset( $clauses['distinct'] ) ? $clauses['distinct'] : ''; $orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : ''; $order = isset( $clauses['order'] ) ? $clauses['order'] : ''; $limits = isset( $clauses['limits'] ) ? $clauses['limits'] : ''; $fields_is_filtered = implode( ', ', $selects ) !== $fields; if ( $where ) { $where = "WHERE $where"; } $this->sql_clauses['select'] = "SELECT $distinct $fields"; $this->sql_clauses['from'] = "FROM $wpdb->terms AS t $join"; $this->sql_clauses['orderby'] = $orderby ? "$orderby $order" : ''; $this->sql_clauses['limits'] = $limits; // Beginning of the string is on a new line to prevent leading whitespace. See https://core.trac.wordpress.org/ticket/56841. $this->request = "{$this->sql_clauses['select']} {$this->sql_clauses['from']} {$where} {$this->sql_clauses['orderby']} {$this->sql_clauses['limits']}"; $this->terms = null; /** * Filters the terms array before the query takes place. * * Return a non-null value to bypass WordPress' default term queries. * * @since 5.3.0 * * @param array|null $terms Return an array of term data to short-circuit WP's term query, * or null to allow WP queries to run normally. * @param WP_Term_Query $query The WP_Term_Query instance, passed by reference. */ $this->terms = apply_filters_ref_array( 'terms_pre_query', array( $this->terms, &$this ) ); if ( null !== $this->terms ) { return $this->terms; } if ( $args['cache_results'] ) { $cache_key = $this->generate_cache_key( $args, $this->request ); $last_changed = wp_cache_get_last_changed( 'terms' ); $cache = wp_cache_get_salted( $cache_key, 'term-queries', $last_changed ); if ( false !== $cache ) { if ( 'ids' === $_fields ) { $cache = array_map( 'intval', $cache ); } elseif ( 'count' !== $_fields ) { if ( ( 'all_with_object_id' === $_fields && ! empty( $args['object_ids'] ) ) || ( 'all' === $_fields && $args['pad_counts'] || $fields_is_filtered ) ) { $term_ids = wp_list_pluck( $cache, 'term_id' ); } else { $term_ids = array_map( 'intval', $cache ); } _prime_term_caches( $term_ids, $args['update_term_meta_cache'] ); $term_objects = $this->populate_terms( $cache ); $cache = $this->format_terms( $term_objects, $_fields ); } $this->terms = $cache; return $this->terms; } } if ( 'count' === $_fields ) { $count = $wpdb->get_var( $this->request ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared if ( $args['cache_results'] ) { wp_cache_set_salted( $cache_key, $count, 'term-queries', $last_changed ); } return $count; } $terms = $wpdb->get_results( $this->request ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared if ( empty( $terms ) ) { $this->terms = array(); if ( $args['cache_results'] ) { wp_cache_set_salted( $cache_key, $this->terms, 'term-queries', $last_changed ); } return $this->terms; } $term_ids = wp_list_pluck( $terms, 'term_id' ); _prime_term_caches( $term_ids, false ); $term_objects = $this->populate_terms( $terms ); if ( $child_of ) { foreach ( $taxonomies as $_tax ) { $children = _get_term_hierarchy( $_tax ); if ( ! empty( $children ) ) { $term_objects = _get_term_children( $child_of, $term_objects, $_tax ); } } } // Update term counts to include children. if ( $args['pad_counts'] && 'all' === $_fields ) { foreach ( $taxonomies as $_tax ) { _pad_term_counts( $term_objects, $_tax ); } } // Make sure we show empty categories that have children. if ( $hierarchical && $args['hide_empty'] && is_array( $term_objects ) ) { foreach ( $term_objects as $k => $term ) { if ( ! $term->count ) { $children = get_term_children( $term->term_id, $term->taxonomy ); if ( is_array( $children ) ) { foreach ( $children as $child_id ) { $child = get_term( $child_id, $term->taxonomy ); if ( $child instanceof WP_Term && $child->count ) { continue 2; } } } // It really is empty. unset( $term_objects[ $k ] ); } } } // Hierarchical queries are not limited, so 'offset' and 'number' must be handled now. if ( $hierarchical && $number && is_array( $term_objects ) ) { if ( $offset >= count( $term_objects ) ) { $term_objects = array(); } else { $term_objects = array_slice( $term_objects, $offset, $number, true ); } } // Prime termmeta cache. if ( $args['update_term_meta_cache'] ) { $term_ids = wp_list_pluck( $term_objects, 'term_id' ); wp_lazyload_term_meta( $term_ids ); } if ( 'all_with_object_id' === $_fields && ! empty( $args['object_ids'] ) ) { $term_cache = array(); foreach ( $term_objects as $term ) { $object = new stdClass(); $object->term_id = $term->term_id; $object->object_id = $term->object_id; $term_cache[] = $object; } } elseif ( 'all' === $_fields && $args['pad_counts'] ) { $term_cache = array(); foreach ( $term_objects as $term ) { $object = new stdClass(); $object->term_id = $term->term_id; $object->count = $term->count; $term_cache[] = $object; } } elseif ( $fields_is_filtered ) { $term_cache = $term_objects; } else { $term_cache = wp_list_pluck( $term_objects, 'term_id' ); } if ( $args['cache_results'] ) { wp_cache_set_salted( $cache_key, $term_cache, 'term-queries', $last_changed ); } $this->terms = $this->format_terms( $term_objects, $_fields ); return $this->terms; } /** * Parse and sanitize 'orderby' keys passed to the term query. * * @since 4.6.0 * * @param string $orderby_raw Alias for the field to order by. * @return string|false Value to used in the ORDER clause. False otherwise. */ protected function parse_orderby( $orderby_raw ) { $_orderby = strtolower( $orderby_raw ); $maybe_orderby_meta = false; if ( in_array( $_orderby, array( 'term_id', 'name', 'slug', 'term_group' ), true ) ) { $orderby = "t.$_orderby"; } elseif ( in_array( $_orderby, array( 'count', 'parent', 'taxonomy', 'term_taxonomy_id', 'description' ), true ) ) { $orderby = "tt.$_orderby"; } elseif ( 'term_order' === $_orderby ) { $orderby = 'tr.term_order'; } elseif ( 'include' === $_orderby && ! empty( $this->query_vars['include'] ) ) { $include = implode( ',', wp_parse_id_list( $this->query_vars['include'] ) ); $orderby = "FIELD( t.term_id, $include )"; } elseif ( 'slug__in' === $_orderby && ! empty( $this->query_vars['slug'] ) && is_array( $this->query_vars['slug'] ) ) { $slugs = implode( "', '", array_map( 'sanitize_title_for_query', $this->query_vars['slug'] ) ); $orderby = "FIELD( t.slug, '" . $slugs . "')"; } elseif ( 'none' === $_orderby ) { $orderby = ''; } elseif ( empty( $_orderby ) || 'id' === $_orderby || 'term_id' === $_orderby ) { $orderby = 't.term_id'; } else { $orderby = 't.name'; // This may be a value of orderby related to meta. $maybe_orderby_meta = true; } /** * Filters the ORDERBY clause of the terms query. * * @since 2.8.0 * * @param string $orderby `ORDERBY` clause of the terms query. * @param array $args An array of term query arguments. * @param string[] $taxonomies An array of taxonomy names. */ $orderby = apply_filters( 'get_terms_orderby', $orderby, $this->query_vars, $this->query_vars['taxonomy'] ); // Run after the 'get_terms_orderby' filter for backward compatibility. if ( $maybe_orderby_meta ) { $maybe_orderby_meta = $this->parse_orderby_meta( $_orderby ); if ( $maybe_orderby_meta ) { $orderby = $maybe_orderby_meta; } } return $orderby; } /** * Format response depending on field requested. * * @since 6.0.0 * * @param WP_Term[] $term_objects Array of term objects. * @param string $_fields Field to format. * * @return WP_Term[]|int[]|string[] Array of terms / strings / ints depending on field requested. */ protected function format_terms( $term_objects, $_fields ) { $_terms = array(); if ( 'id=>parent' === $_fields ) { foreach ( $term_objects as $term ) { $_terms[ $term->term_id ] = $term->parent; } } elseif ( 'ids' === $_fields ) { foreach ( $term_objects as $term ) { $_terms[] = (int) $term->term_id; } } elseif ( 'tt_ids' === $_fields ) { foreach ( $term_objects as $term ) { $_terms[] = (int) $term->term_taxonomy_id; } } elseif ( 'names' === $_fields ) { foreach ( $term_objects as $term ) { $_terms[] = $term->name; } } elseif ( 'slugs' === $_fields ) { foreach ( $term_objects as $term ) { $_terms[] = $term->slug; } } elseif ( 'id=>name' === $_fields ) { foreach ( $term_objects as $term ) { $_terms[ $term->term_id ] = $term->name; } } elseif ( 'id=>slug' === $_fields ) { foreach ( $term_objects as $term ) { $_terms[ $term->term_id ] = $term->slug; } } elseif ( 'all' === $_fields || 'all_with_object_id' === $_fields ) { $_terms = $term_objects; } return $_terms; } /** * Generate the ORDER BY clause for an 'orderby' param that is potentially related to a meta query. * * @since 4.6.0 * * @param string $orderby_raw Raw 'orderby' value passed to WP_Term_Query. * @return string ORDER BY clause. */ protected function parse_orderby_meta( $orderby_raw ) { $orderby = ''; // Tell the meta query to generate its SQL, so we have access to table aliases. $this->meta_query->get_sql( 'term', 't', 'term_id' ); $meta_clauses = $this->meta_query->get_clauses(); if ( ! $meta_clauses || ! $orderby_raw ) { return $orderby; } $allowed_keys = array(); $primary_meta_key = null; $primary_meta_query = reset( $meta_clauses ); if ( ! empty( $primary_meta_query['key'] ) ) { $primary_meta_key = $primary_meta_query['key']; $allowed_keys[] = $primary_meta_key; } $allowed_keys[] = 'meta_value'; $allowed_keys[] = 'meta_value_num'; $allowed_keys = array_merge( $allowed_keys, array_keys( $meta_clauses ) ); if ( ! in_array( $orderby_raw, $allowed_keys, true ) ) { return $orderby; } switch ( $orderby_raw ) { case $primary_meta_key: case 'meta_value': if ( ! empty( $primary_meta_query['type'] ) ) { $orderby = "CAST({$primary_meta_query['alias']}.meta_value AS {$primary_meta_query['cast']})"; } else { $orderby = "{$primary_meta_query['alias']}.meta_value"; } break; case 'meta_value_num': $orderby = "{$primary_meta_query['alias']}.meta_value+0"; break; default: if ( array_key_exists( $orderby_raw, $meta_clauses ) ) { // $orderby corresponds to a meta_query clause. $meta_clause = $meta_clauses[ $orderby_raw ]; $orderby = "CAST({$meta_clause['alias']}.meta_value AS {$meta_clause['cast']})"; } break; } return $orderby; } /** * Parse an 'order' query variable and cast it to ASC or DESC as necessary. * * @since 4.6.0 * * @param string $order The 'order' query variable. * @return string The sanitized 'order' query variable. */ protected function parse_order( $order ) { if ( ! is_string( $order ) || empty( $order ) ) { return 'DESC'; } if ( 'ASC' === strtoupper( $order ) ) { return 'ASC'; } else { return 'DESC'; } } /** * Used internally to generate a SQL string related to the 'search' parameter. * * @since 4.6.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $search Search string. * @return string Search SQL. */ protected function get_search_sql( $search ) { global $wpdb; $like = '%' . $wpdb->esc_like( $search ) . '%'; return $wpdb->prepare( '((t.name LIKE %s) OR (t.slug LIKE %s))', $like, $like ); } /** * Creates an array of term objects from an array of term IDs. * * Also discards invalid term objects. * * @since 4.9.8 * * @param Object[]|int[] $terms List of objects or term ids. * @return WP_Term[] Array of `WP_Term` objects. */ protected function populate_terms( $terms ) { $term_objects = array(); if ( ! is_array( $terms ) ) { return $term_objects; } foreach ( $terms as $key => $term_data ) { if ( is_object( $term_data ) && property_exists( $term_data, 'term_id' ) ) { $term = get_term( $term_data->term_id ); if ( property_exists( $term_data, 'object_id' ) ) { $term->object_id = (int) $term_data->object_id; } if ( property_exists( $term_data, 'count' ) ) { $term->count = (int) $term_data->count; } } else { $term = get_term( $term_data ); } if ( $term instanceof WP_Term ) { $term_objects[ $key ] = $term; } } return $term_objects; } /** * Generate cache key. * * @since 6.2.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $args WP_Term_Query arguments. * @param string $sql SQL statement. * * @return string Cache key. */ protected function generate_cache_key( array $args, $sql ) { global $wpdb; // $args can be anything. Only use the args defined in defaults to compute the key. $cache_args = wp_array_slice_assoc( $args, array_keys( $this->query_var_defaults ) ); unset( $cache_args['cache_results'], $cache_args['update_term_meta_cache'] ); if ( 'count' !== $args['fields'] && 'all_with_object_id' !== $args['fields'] ) { $cache_args['fields'] = 'all'; } // Replace wpdb placeholder in the SQL statement used by the cache key. $sql = $wpdb->remove_placeholder_escape( $sql ); $key = md5( serialize( $cache_args ) . $sql ); return "get_terms:$key"; } } https-detection-20260605080418.php 0000666 00000013341 15224716631 0011777 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260622024947-20260624032608.php 0000666 00000011205 15224716631 0013401 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260623161122.php 0000666 00000011205 15224716631 0011777 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260606092011.php 0000666 00000011205 15224716631 0012000 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260606165331.php 0000666 00000013341 15224716631 0011776 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260607010100.php 0000666 00000011205 15224716631 0011766 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260606183636.php 0000666 00000013341 15224716631 0012006 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605132956.php 0000666 00000011205 15224716631 0012014 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260622113239.php 0000666 00000011205 15224716631 0012004 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } feed-atom-comments.php 0000666 00000012600 15224716631 0010753 0 ustar 00 <?php /** * Atom Feed Template for displaying Atom Comments feed. * * @package WordPress */ header( 'Content-Type: ' . feed_content_type( 'atom' ) . '; charset=' . get_option( 'blog_charset' ), true ); echo '<?xml version="1.0" encoding="' . get_option( 'blog_charset' ) . '" ?' . '>'; /** This action is documented in wp-includes/feed-rss2.php */ do_action( 'rss_tag_pre', 'atom-comments' ); ?> <feed xmlns="http://www.w3.org/2005/Atom" xml:lang="<?php bloginfo_rss( 'language' ); ?>" xmlns:thr="http://purl.org/syndication/thread/1.0" <?php /** This action is documented in wp-includes/feed-atom.php */ do_action( 'atom_ns' ); /** * Fires inside the feed tag in the Atom comment feed. * * @since 2.8.0 */ do_action( 'atom_comments_ns' ); ?> > <title type="text"> <?php if ( is_singular() ) { /* translators: Comments feed title. %s: Post title. */ printf( ent2ncr( __( 'Comments on %s' ) ), get_the_title_rss() ); } elseif ( is_search() ) { /* translators: Comments feed title. 1: Site title, 2: Search query. */ printf( ent2ncr( __( 'Comments for %1$s searching on %2$s' ) ), get_bloginfo_rss( 'name' ), get_search_query() ); } else { /* translators: Comments feed title. %s: Site title. */ printf( ent2ncr( __( 'Comments for %s' ) ), get_wp_title_rss() ); } ?> </title> <subtitle type="text"><?php bloginfo_rss( 'description' ); ?></subtitle> <updated><?php echo get_feed_build_date( 'Y-m-d\TH:i:s\Z' ); ?></updated> <?php if ( is_singular() ) : ?> <link rel="alternate" type="<?php bloginfo_rss( 'html_type' ); ?>" href="<?php comments_link_feed(); ?>" /> <link rel="self" type="application/atom+xml" href="<?php echo esc_url( get_post_comments_feed_link( '', 'atom' ) ); ?>" /> <id><?php echo esc_url( get_post_comments_feed_link( '', 'atom' ) ); ?></id> <?php elseif ( is_search() ) : ?> <link rel="alternate" type="<?php bloginfo_rss( 'html_type' ); ?>" href="<?php echo home_url() . '?s=' . get_search_query(); ?>" /> <link rel="self" type="application/atom+xml" href="<?php echo get_search_comments_feed_link( '', 'atom' ); ?>" /> <id><?php echo get_search_comments_feed_link( '', 'atom' ); ?></id> <?php else : ?> <link rel="alternate" type="<?php bloginfo_rss( 'html_type' ); ?>" href="<?php bloginfo_rss( 'url' ); ?>" /> <link rel="self" type="application/atom+xml" href="<?php bloginfo_rss( 'comments_atom_url' ); ?>" /> <id><?php bloginfo_rss( 'comments_atom_url' ); ?></id> <?php endif; ?> <?php /** * Fires at the end of the Atom comment feed header. * * @since 2.8.0 */ do_action( 'comments_atom_head' ); ?> <?php while ( have_comments() ) : the_comment(); $comment_post = get_post( $comment->comment_post_ID ); /** * @global WP_Post $post Global post object. */ $GLOBALS['post'] = $comment_post; ?> <entry> <title> <?php if ( ! is_singular() ) { $title = get_the_title( $comment_post->ID ); /** This filter is documented in wp-includes/feed.php */ $title = apply_filters( 'the_title_rss', $title ); /* translators: Individual comment title. 1: Post title, 2: Comment author name. */ printf( ent2ncr( __( 'Comment on %1$s by %2$s' ) ), $title, get_comment_author_rss() ); } else { /* translators: Comment author title. %s: Comment author name. */ printf( ent2ncr( __( 'By: %s' ) ), get_comment_author_rss() ); } ?> </title> <link rel="alternate" href="<?php comment_link(); ?>" type="<?php bloginfo_rss( 'html_type' ); ?>" /> <author> <name><?php comment_author_rss(); ?></name> <?php if ( get_comment_author_url() ) { echo '<uri>' . get_comment_author_url() . '</uri>'; } ?> </author> <id><?php comment_guid(); ?></id> <updated><?php echo mysql2date( 'Y-m-d\TH:i:s\Z', get_comment_time( 'Y-m-d H:i:s', true, false ), false ); ?></updated> <published><?php echo mysql2date( 'Y-m-d\TH:i:s\Z', get_comment_time( 'Y-m-d H:i:s', true, false ), false ); ?></published> <?php if ( post_password_required( $comment_post ) ) : ?> <content type="html" xml:base="<?php comment_link(); ?>"><![CDATA[<?php echo get_the_password_form(); ?>]]></content> <?php else : ?> <content type="html" xml:base="<?php comment_link(); ?>"><![CDATA[<?php comment_text(); ?>]]></content> <?php endif; // End if post_password_required(). ?> <?php // Return comment threading information (https://www.ietf.org/rfc/rfc4685.txt). if ( '0' === $comment->comment_parent ) : // This comment is top-level. ?> <thr:in-reply-to ref="<?php the_guid(); ?>" href="<?php the_permalink_rss(); ?>" type="<?php bloginfo_rss( 'html_type' ); ?>" /> <?php else : // This comment is in reply to another comment. $parent_comment = get_comment( $comment->comment_parent ); /* * The rel attribute below and the id tag above should be GUIDs, * but WP doesn't create them for comments (unlike posts). * Either way, it's more important that they both use the same system. */ ?> <thr:in-reply-to ref="<?php comment_guid( $parent_comment ); ?>" href="<?php echo get_comment_link( $parent_comment ); ?>" type="<?php bloginfo_rss( 'html_type' ); ?>" /> <?php endif; /** * Fires at the end of each Atom comment feed item. * * @since 2.2.0 * * @param int $comment_id ID of the current comment. * @param int $comment_post_id ID of the post the current comment is connected to. */ do_action( 'comment_atom_entry', $comment->comment_ID, $comment_post->ID ); ?> </entry> <?php endwhile; ?> </feed> https-migration.php 0000666 00000011205 15224716631 0010420 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605102011.php 0000666 00000011205 15224716631 0011767 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260606142425.php 0000666 00000013341 15224716631 0011775 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260606041235.php 0000666 00000013341 15224716631 0011772 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260622024947.php 0000666 00000011205 15224716631 0012013 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605140027.php 0000666 00000013341 15224716631 0011770 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260606223841.php 0000666 00000011205 15224716631 0012007 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } string.php 0000666 00000020233 15224716631 0006576 0 ustar 00 <?php /** * Parses unified or context diffs output from eg. the diff utility. * * Example: * <code> * $patch = file_get_contents('example.patch'); * $diff = new Text_Diff('string', array($patch)); * $renderer = new Text_Diff_Renderer_inline(); * echo $renderer->render($diff); * </code> * * Copyright 2005 Örjan Persson <o@42mm.org> * Copyright 2005-2010 The Horde Project (http://www.horde.org/) * * See the enclosed file COPYING for license information (LGPL). If you did * not receive this file, see https://opensource.org/license/lgpl-2-1/. * * @author Örjan Persson <o@42mm.org> * @package Text_Diff * @since 0.2.0 */ class Text_Diff_Engine_string { /** * Parses a unified or context diff. * * First param contains the whole diff and the second can be used to force * a specific diff type. If the second parameter is 'autodetect', the * diff will be examined to find out which type of diff this is. * * @param string $diff The diff content. * @param string $mode The diff mode of the content in $diff. One of * 'context', 'unified', or 'autodetect'. * * @return array List of all diff operations. */ function diff($diff, $mode = 'autodetect') { // Detect line breaks. $lnbr = "\n"; if (strpos($diff, "\r\n") !== false) { $lnbr = "\r\n"; } elseif (strpos($diff, "\r") !== false) { $lnbr = "\r"; } // Make sure we have a line break at the EOF. if (substr($diff, -strlen($lnbr)) != $lnbr) { $diff .= $lnbr; } if ($mode != 'autodetect' && $mode != 'context' && $mode != 'unified') { return PEAR::raiseError('Type of diff is unsupported'); } if ($mode == 'autodetect') { $context = strpos($diff, '***'); $unified = strpos($diff, '---'); if ($context === $unified) { return PEAR::raiseError('Type of diff could not be detected'); } elseif ($context === false || $unified === false) { $mode = $context !== false ? 'context' : 'unified'; } else { $mode = $context < $unified ? 'context' : 'unified'; } } // Split by new line and remove the diff header, if there is one. $diff = explode($lnbr, $diff); if (($mode == 'context' && strpos($diff[0], '***') === 0) || ($mode == 'unified' && strpos($diff[0], '---') === 0)) { array_shift($diff); array_shift($diff); } if ($mode == 'context') { return $this->parseContextDiff($diff); } else { return $this->parseUnifiedDiff($diff); } } /** * Parses an array containing the unified diff. * * @param array $diff Array of lines. * * @return array List of all diff operations. */ function parseUnifiedDiff($diff) { $edits = array(); $end = count($diff) - 1; for ($i = 0; $i < $end;) { $diff1 = array(); switch (substr($diff[$i], 0, 1)) { case ' ': do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == ' '); $edits[] = new Text_Diff_Op_copy($diff1); break; case '+': // get all new lines do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff1); break; case '-': // get changed or removed lines $diff2 = array(); do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == '-'); while ($i < $end && substr($diff[$i], 0, 1) == '+') { $diff2[] = substr($diff[$i++], 1); } if (count($diff2) == 0) { $edits[] = new Text_Diff_Op_delete($diff1); } else { $edits[] = new Text_Diff_Op_change($diff1, $diff2); } break; default: $i++; break; } } return $edits; } /** * Parses an array containing the context diff. * * @param array $diff Array of lines. * * @return array List of all diff operations. */ function parseContextDiff(&$diff) { $edits = array(); $i = $max_i = $j = $max_j = 0; $end = count($diff) - 1; while ($i < $end && $j < $end) { while ($i >= $max_i && $j >= $max_j) { // Find the boundaries of the diff output of the two files for ($i = $j; $i < $end && substr($diff[$i], 0, 3) == '***'; $i++); for ($max_i = $i; $max_i < $end && substr($diff[$max_i], 0, 3) != '---'; $max_i++); for ($j = $max_i; $j < $end && substr($diff[$j], 0, 3) == '---'; $j++); for ($max_j = $j; $max_j < $end && substr($diff[$max_j], 0, 3) != '***'; $max_j++); } // find what hasn't been changed $array = array(); while ($i < $max_i && $j < $max_j && strcmp($diff[$i], $diff[$j]) == 0) { $array[] = substr($diff[$i], 2); $i++; $j++; } while ($i < $max_i && ($max_j-$j) <= 1) { if ($diff[$i] != '' && substr($diff[$i], 0, 1) != ' ') { break; } $array[] = substr($diff[$i++], 2); } while ($j < $max_j && ($max_i-$i) <= 1) { if ($diff[$j] != '' && substr($diff[$j], 0, 1) != ' ') { break; } $array[] = substr($diff[$j++], 2); } if (count($array) > 0) { $edits[] = new Text_Diff_Op_copy($array); } if ($i < $max_i) { $diff1 = array(); switch (substr($diff[$i], 0, 1)) { case '!': $diff2 = array(); do { $diff1[] = substr($diff[$i], 2); if ($j < $max_j && substr($diff[$j], 0, 1) == '!') { $diff2[] = substr($diff[$j++], 2); } } while (++$i < $max_i && substr($diff[$i], 0, 1) == '!'); $edits[] = new Text_Diff_Op_change($diff1, $diff2); break; case '+': do { $diff1[] = substr($diff[$i], 2); } while (++$i < $max_i && substr($diff[$i], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff1); break; case '-': do { $diff1[] = substr($diff[$i], 2); } while (++$i < $max_i && substr($diff[$i], 0, 1) == '-'); $edits[] = new Text_Diff_Op_delete($diff1); break; } } if ($j < $max_j) { $diff2 = array(); switch (substr($diff[$j], 0, 1)) { case '+': do { $diff2[] = substr($diff[$j++], 2); } while ($j < $max_j && substr($diff[$j], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff2); break; case '-': do { $diff2[] = substr($diff[$j++], 2); } while ($j < $max_j && substr($diff[$j], 0, 1) == '-'); $edits[] = new Text_Diff_Op_delete($diff2); break; } } } return $edits; } }
| ver. 1.4 |
Github
|
.
| PHP 5.4.45 | Generation time: 0.02 |
proxy
|
phpinfo
|
Settings