File manager - Edit - /home/matthif/www/wp-content/plugins/wordpress-seo/theme-compat.tar
Back
class-wp-customize-manager.php 0000666 00000614603 15225074365 0012465 0 ustar 00 <?php /** * WordPress Customize Manager classes * * @package WordPress * @subpackage Customize * @since 3.4.0 */ /** * Customize Manager class. * * Bootstraps the Customize experience on the server-side. * * Sets up the theme-switching process if a theme other than the active one is * being previewed and customized. * * Serves as a factory for Customize Controls and Settings, and * instantiates default Customize Controls and Settings. * * @since 3.4.0 */ #[AllowDynamicProperties] final class WP_Customize_Manager { /** * An instance of the theme being previewed. * * @since 3.4.0 * @var WP_Theme */ protected $theme; /** * The directory name of the previously active theme (within the theme_root). * * @since 3.4.0 * @var string */ protected $original_stylesheet; /** * Whether this is a Customizer pageload. * * @since 3.4.0 * @var bool */ protected $previewing = false; /** * Methods and properties dealing with managing widgets in the Customizer. * * @since 3.9.0 * @var WP_Customize_Widgets */ public $widgets; /** * Methods and properties dealing with managing nav menus in the Customizer. * * @since 4.3.0 * @var WP_Customize_Nav_Menus */ public $nav_menus; /** * Methods and properties dealing with selective refresh in the Customizer preview. * * @since 4.5.0 * @var WP_Customize_Selective_Refresh */ public $selective_refresh; /** * Registered instances of WP_Customize_Setting. * * @since 3.4.0 * @var array */ protected $settings = array(); /** * Sorted top-level instances of WP_Customize_Panel and WP_Customize_Section. * * @since 4.0.0 * @var array */ protected $containers = array(); /** * Registered instances of WP_Customize_Panel. * * @since 4.0.0 * @var array */ protected $panels = array(); /** * List of core components. * * @since 4.5.0 * @var array */ protected $components = array( 'nav_menus' ); /** * Registered instances of WP_Customize_Section. * * @since 3.4.0 * @var array */ protected $sections = array(); /** * Registered instances of WP_Customize_Control. * * @since 3.4.0 * @var array */ protected $controls = array(); /** * Panel types that may be rendered from JS templates. * * @since 4.3.0 * @var array */ protected $registered_panel_types = array(); /** * Section types that may be rendered from JS templates. * * @since 4.3.0 * @var array */ protected $registered_section_types = array(); /** * Control types that may be rendered from JS templates. * * @since 4.1.0 * @var array */ protected $registered_control_types = array(); /** * Initial URL being previewed. * * @since 4.4.0 * @var string */ protected $preview_url; /** * URL to link the user to when closing the Customizer. * * @since 4.4.0 * @var string */ protected $return_url; /** * Mapping of 'panel', 'section', 'control' to the ID which should be autofocused. * * @since 4.4.0 * @var string[] */ protected $autofocus = array(); /** * Messenger channel. * * @since 4.7.0 * @var string */ protected $messenger_channel; /** * Whether the autosave revision of the changeset should be loaded. * * @since 4.9.0 * @var bool */ protected $autosaved = false; /** * Whether the changeset branching is allowed. * * @since 4.9.0 * @var bool */ protected $branching = true; /** * Whether settings should be previewed. * * @since 4.9.0 * @var bool */ protected $settings_previewed = true; /** * Whether a starter content changeset was saved. * * @since 4.9.0 * @var bool */ protected $saved_starter_content_changeset = false; /** * Unsanitized values for Customize Settings parsed from $_POST['customized']. * * @var array */ private $_post_values; /** * Changeset UUID. * * @since 4.7.0 * @var string */ private $_changeset_uuid; /** * Changeset post ID. * * @since 4.7.0 * @var int|false */ private $_changeset_post_id; /** * Changeset data loaded from a customize_changeset post. * * @since 4.7.0 * @var array|null */ private $_changeset_data; /** * Constructor. * * @since 3.4.0 * @since 4.7.0 Added `$args` parameter. * * @param array $args { * Args. * * @type null|string|false $changeset_uuid Changeset UUID, the `post_name` for the customize_changeset post containing the customized state. * Defaults to `null` resulting in a UUID to be immediately generated. If `false` is provided, then * then the changeset UUID will be determined during `after_setup_theme`: when the * `customize_changeset_branching` filter returns false, then the default UUID will be that * of the most recent `customize_changeset` post that has a status other than 'auto-draft', * 'publish', or 'trash'. Otherwise, if changeset branching is enabled, then a random UUID will be used. * @type string $theme Theme to be previewed (for theme switch). Defaults to customize_theme or theme query params. * @type string $messenger_channel Messenger channel. Defaults to customize_messenger_channel query param. * @type bool $settings_previewed If settings should be previewed. Defaults to true. * @type bool $branching If changeset branching is allowed; otherwise, changesets are linear. Defaults to true. * @type bool $autosaved If data from a changeset's autosaved revision should be loaded if it exists. Defaults to false. * } */ public function __construct( $args = array() ) { $args = array_merge( array_fill_keys( array( 'changeset_uuid', 'theme', 'messenger_channel', 'settings_previewed', 'autosaved', 'branching' ), null ), $args ); // Note that the UUID format will be validated in the setup_theme() method. if ( ! isset( $args['changeset_uuid'] ) ) { $args['changeset_uuid'] = wp_generate_uuid4(); } /* * The theme and messenger_channel should be supplied via $args, * but they are also looked at in the $_REQUEST global here for back-compat. */ if ( ! isset( $args['theme'] ) ) { if ( isset( $_REQUEST['customize_theme'] ) ) { $args['theme'] = wp_unslash( $_REQUEST['customize_theme'] ); } elseif ( isset( $_REQUEST['theme'] ) ) { // Deprecated. $args['theme'] = wp_unslash( $_REQUEST['theme'] ); } } if ( ! isset( $args['messenger_channel'] ) && isset( $_REQUEST['customize_messenger_channel'] ) ) { $args['messenger_channel'] = sanitize_key( wp_unslash( $_REQUEST['customize_messenger_channel'] ) ); } // Do not load 'widgets' component if a block theme is activated. if ( ! wp_is_block_theme() ) { $this->components[] = 'widgets'; } $this->original_stylesheet = get_stylesheet(); $this->theme = wp_get_theme( 0 === validate_file( $args['theme'] ) ? $args['theme'] : null ); $this->messenger_channel = $args['messenger_channel']; $this->_changeset_uuid = $args['changeset_uuid']; foreach ( array( 'settings_previewed', 'autosaved', 'branching' ) as $key ) { if ( isset( $args[ $key ] ) ) { $this->$key = (bool) $args[ $key ]; } } require_once ABSPATH . WPINC . '/class-wp-customize-setting.php'; require_once ABSPATH . WPINC . '/class-wp-customize-panel.php'; require_once ABSPATH . WPINC . '/class-wp-customize-section.php'; require_once ABSPATH . WPINC . '/class-wp-customize-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-color-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-media-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-upload-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-image-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-image-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-position-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-cropped-image-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-site-icon-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-header-image-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-theme-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-code-editor-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-widget-area-customize-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-widget-form-customize-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-location-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-name-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-locations-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-auto-add-control.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menus-panel.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-themes-panel.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-themes-section.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-sidebar-section.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-section.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-custom-css-setting.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-filter-setting.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-header-image-setting.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-image-setting.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-setting.php'; require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-setting.php'; /** * Filters the core Customizer components to load. * * This allows Core components to be excluded from being instantiated by * filtering them out of the array. Note that this filter generally runs * during the {@see 'plugins_loaded'} action, so it cannot be added * in a theme. * * @since 4.4.0 * * @see WP_Customize_Manager::__construct() * * @param string[] $components Array of core components to load. * @param WP_Customize_Manager $manager WP_Customize_Manager instance. */ $components = apply_filters( 'customize_loaded_components', $this->components, $this ); require_once ABSPATH . WPINC . '/customize/class-wp-customize-selective-refresh.php'; $this->selective_refresh = new WP_Customize_Selective_Refresh( $this ); if ( in_array( 'widgets', $components, true ) ) { require_once ABSPATH . WPINC . '/class-wp-customize-widgets.php'; $this->widgets = new WP_Customize_Widgets( $this ); } if ( in_array( 'nav_menus', $components, true ) ) { require_once ABSPATH . WPINC . '/class-wp-customize-nav-menus.php'; $this->nav_menus = new WP_Customize_Nav_Menus( $this ); } add_action( 'setup_theme', array( $this, 'setup_theme' ) ); add_action( 'wp_loaded', array( $this, 'wp_loaded' ) ); // Do not spawn cron (especially the alternate cron) while running the Customizer. remove_action( 'init', 'wp_cron' ); // Do not run update checks when rendering the controls. remove_action( 'admin_init', '_maybe_update_core' ); remove_action( 'admin_init', '_maybe_update_plugins' ); remove_action( 'admin_init', '_maybe_update_themes' ); add_action( 'wp_ajax_customize_save', array( $this, 'save' ) ); add_action( 'wp_ajax_customize_trash', array( $this, 'handle_changeset_trash_request' ) ); add_action( 'wp_ajax_customize_refresh_nonces', array( $this, 'refresh_nonces' ) ); add_action( 'wp_ajax_customize_load_themes', array( $this, 'handle_load_themes_request' ) ); add_filter( 'heartbeat_settings', array( $this, 'add_customize_screen_to_heartbeat_settings' ) ); add_filter( 'heartbeat_received', array( $this, 'check_changeset_lock_with_heartbeat' ), 10, 3 ); add_action( 'wp_ajax_customize_override_changeset_lock', array( $this, 'handle_override_changeset_lock_request' ) ); add_action( 'wp_ajax_customize_dismiss_autosave_or_lock', array( $this, 'handle_dismiss_autosave_or_lock_request' ) ); add_action( 'customize_register', array( $this, 'register_controls' ) ); add_action( 'customize_register', array( $this, 'register_dynamic_settings' ), 11 ); // Allow code to create settings first. add_action( 'customize_controls_init', array( $this, 'prepare_controls' ) ); add_action( 'customize_controls_enqueue_scripts', array( $this, 'enqueue_control_scripts' ) ); // Render Common, Panel, Section, and Control templates. add_action( 'customize_controls_print_footer_scripts', array( $this, 'render_panel_templates' ), 1 ); add_action( 'customize_controls_print_footer_scripts', array( $this, 'render_section_templates' ), 1 ); add_action( 'customize_controls_print_footer_scripts', array( $this, 'render_control_templates' ), 1 ); // Export header video settings with the partial response. add_filter( 'customize_render_partials_response', array( $this, 'export_header_video_settings' ), 10, 3 ); // Export the settings to JS via the _wpCustomizeSettings variable. add_action( 'customize_controls_print_footer_scripts', array( $this, 'customize_pane_settings' ), 1000 ); // Add theme update notices. if ( current_user_can( 'install_themes' ) || current_user_can( 'update_themes' ) ) { require_once ABSPATH . 'wp-admin/includes/update.php'; add_action( 'customize_controls_print_footer_scripts', 'wp_print_admin_notice_templates' ); } } /** * Returns true if it's an Ajax request. * * @since 3.4.0 * @since 4.2.0 Added `$action` param. * * @param string|null $action Whether the supplied Ajax action is being run. * @return bool True if it's an Ajax request, false otherwise. */ public function doing_ajax( $action = null ) { if ( ! wp_doing_ajax() ) { return false; } if ( ! $action ) { return true; } else { /* * Note: we can't just use doing_action( "wp_ajax_{$action}" ) because we need * to check before admin-ajax.php gets to that point. */ return isset( $_REQUEST['action'] ) && wp_unslash( $_REQUEST['action'] ) === $action; } } /** * Custom wp_die wrapper. Returns either the standard message for UI * or the Ajax message. * * @since 3.4.0 * * @param string|WP_Error $ajax_message Ajax return. * @param string $message Optional. UI message. */ protected function wp_die( $ajax_message, $message = null ) { if ( $this->doing_ajax() ) { wp_die( $ajax_message ); } if ( ! $message ) { $message = __( 'An error occurred while customizing. Please refresh the page and try again.' ); } if ( $this->messenger_channel ) { ob_start(); wp_enqueue_scripts(); wp_print_scripts( array( 'customize-base' ) ); $settings = array( 'messengerArgs' => array( 'channel' => $this->messenger_channel, 'url' => wp_customize_url(), ), 'error' => $ajax_message, ); $message .= ob_get_clean(); ob_start(); ?> <script> ( function( api, settings ) { var preview = new api.Messenger( settings.messengerArgs ); preview.send( 'iframe-loading-error', settings.error ); } )( wp.customize, <?php echo wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); ?> ); </script> <?php $message .= wp_get_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) . "\n//# sourceURL=" . rawurlencode( __METHOD__ ) ); } wp_die( $message ); } /** * Returns the Ajax wp_die() handler if it's a customized request. * * @since 3.4.0 * @deprecated 4.7.0 * * @return callable Die handler. */ public function wp_die_handler() { _deprecated_function( __METHOD__, '4.7.0' ); if ( $this->doing_ajax() || isset( $_POST['customized'] ) ) { return '_ajax_wp_die_handler'; } return '_default_wp_die_handler'; } /** * Starts preview and customize theme. * * Check if customize query variable exist. Init filters to filter the active theme. * * @since 3.4.0 * * @global string $pagenow The filename of the current screen. */ public function setup_theme() { global $pagenow; // Check permissions for customize.php access since this method is called before customize.php can run any code. if ( 'customize.php' === $pagenow && ! current_user_can( 'customize' ) ) { if ( ! is_user_logged_in() ) { auth_redirect(); } else { wp_die( '<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' . '<p>' . __( 'Sorry, you are not allowed to customize this site.' ) . '</p>', 403 ); } return; } // If a changeset was provided is invalid. if ( isset( $this->_changeset_uuid ) && false !== $this->_changeset_uuid && ! wp_is_uuid( $this->_changeset_uuid ) ) { $this->wp_die( -1, __( 'Invalid changeset UUID' ) ); } /* * Clear incoming post data if the user lacks a CSRF token (nonce). Note that the customizer * application will inject the customize_preview_nonce query parameter into all Ajax requests. * For similar behavior elsewhere in WordPress, see rest_cookie_check_errors() which logs out * a user when a valid nonce isn't present. */ $has_post_data_nonce = ( check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'nonce', false ) || check_ajax_referer( 'save-customize_' . $this->get_stylesheet(), 'nonce', false ) || check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'customize_preview_nonce', false ) ); if ( ! current_user_can( 'customize' ) || ! $has_post_data_nonce ) { unset( $_POST['customized'] ); unset( $_REQUEST['customized'] ); } /* * If unauthenticated then require a valid changeset UUID to load the preview. * In this way, the UUID serves as a secret key. If the messenger channel is present, * then send unauthenticated code to prompt re-auth. */ if ( ! current_user_can( 'customize' ) && ! $this->changeset_post_id() ) { $this->wp_die( $this->messenger_channel ? 0 : -1, __( 'Non-existent changeset UUID.' ) ); } if ( ! headers_sent() ) { send_origin_headers(); } // Hide the admin bar if we're embedded in the customizer iframe. if ( $this->messenger_channel ) { show_admin_bar( false ); } if ( $this->is_theme_active() ) { // Once the theme is loaded, we'll validate it. add_action( 'after_setup_theme', array( $this, 'after_setup_theme' ) ); } else { /* * If the requested theme is not the active theme and the user doesn't have * the switch_themes cap, bail. */ if ( ! current_user_can( 'switch_themes' ) ) { $this->wp_die( -1, __( 'Sorry, you are not allowed to edit theme options on this site.' ) ); } // If the theme has errors while loading, bail. if ( $this->theme()->errors() ) { $this->wp_die( -1, $this->theme()->errors()->get_error_message() ); } // If the theme isn't allowed per multisite settings, bail. if ( ! $this->theme()->is_allowed() ) { $this->wp_die( -1, __( 'The requested theme does not exist.' ) ); } } // Make sure changeset UUID is established immediately after the theme is loaded. add_action( 'after_setup_theme', array( $this, 'establish_loaded_changeset' ), 5 ); /* * Import theme starter content for fresh installations when landing in the customizer. * Import starter content at after_setup_theme:100 so that any * add_theme_support( 'starter-content' ) calls will have been made. */ if ( get_option( 'fresh_site' ) && 'customize.php' === $pagenow ) { add_action( 'after_setup_theme', array( $this, 'import_theme_starter_content' ), 100 ); } $this->start_previewing_theme(); } /** * Establishes the loaded changeset. * * This method runs right at after_setup_theme and applies the 'customize_changeset_branching' filter to determine * whether concurrent changesets are allowed. Then if the Customizer is not initialized with a `changeset_uuid` param, * this method will determine which UUID should be used. If changeset branching is disabled, then the most saved * changeset will be loaded by default. Otherwise, if there are no existing saved changesets or if changeset branching is * enabled, then a new UUID will be generated. * * @since 4.9.0 * * @global string $pagenow The filename of the current screen. */ public function establish_loaded_changeset() { global $pagenow; if ( empty( $this->_changeset_uuid ) ) { $changeset_uuid = null; if ( ! $this->branching() && $this->is_theme_active() ) { $unpublished_changeset_posts = $this->get_changeset_posts( array( 'post_status' => array_diff( get_post_stati(), array( 'auto-draft', 'publish', 'trash', 'inherit', 'private' ) ), 'exclude_restore_dismissed' => false, 'author' => 'any', 'posts_per_page' => 1, 'order' => 'DESC', 'orderby' => 'date', ) ); $unpublished_changeset_post = array_shift( $unpublished_changeset_posts ); if ( ! empty( $unpublished_changeset_post ) && wp_is_uuid( $unpublished_changeset_post->post_name ) ) { $changeset_uuid = $unpublished_changeset_post->post_name; } } // If no changeset UUID has been set yet, then generate a new one. if ( empty( $changeset_uuid ) ) { $changeset_uuid = wp_generate_uuid4(); } $this->_changeset_uuid = $changeset_uuid; } if ( is_admin() && 'customize.php' === $pagenow ) { $this->set_changeset_lock( $this->changeset_post_id() ); } } /** * Callback to validate a theme once it is loaded * * @since 3.4.0 */ public function after_setup_theme() { $doing_ajax_or_is_customized = ( $this->doing_ajax() || isset( $_POST['customized'] ) ); if ( ! $doing_ajax_or_is_customized && ! validate_current_theme() ) { wp_redirect( 'themes.php?broken=true' ); exit; } } /** * If the theme to be previewed isn't the active theme, add filter callbacks * to swap it out at runtime. * * @since 3.4.0 */ public function start_previewing_theme() { // Bail if we're already previewing. if ( $this->is_preview() ) { return; } $this->previewing = true; if ( ! $this->is_theme_active() ) { add_filter( 'template', array( $this, 'get_template' ) ); add_filter( 'stylesheet', array( $this, 'get_stylesheet' ) ); add_filter( 'pre_option_current_theme', array( $this, 'current_theme' ) ); // @link: https://core.trac.wordpress.org/ticket/20027 add_filter( 'pre_option_stylesheet', array( $this, 'get_stylesheet' ) ); add_filter( 'pre_option_template', array( $this, 'get_template' ) ); // Handle custom theme roots. add_filter( 'pre_option_stylesheet_root', array( $this, 'get_stylesheet_root' ) ); add_filter( 'pre_option_template_root', array( $this, 'get_template_root' ) ); } /** * Fires once the Customizer theme preview has started. * * @since 3.4.0 * * @param WP_Customize_Manager $manager WP_Customize_Manager instance. */ do_action( 'start_previewing_theme', $this ); } /** * Stops previewing the selected theme. * * Removes filters to change the active theme. * * @since 3.4.0 */ public function stop_previewing_theme() { if ( ! $this->is_preview() ) { return; } $this->previewing = false; if ( ! $this->is_theme_active() ) { remove_filter( 'template', array( $this, 'get_template' ) ); remove_filter( 'stylesheet', array( $this, 'get_stylesheet' ) ); remove_filter( 'pre_option_current_theme', array( $this, 'current_theme' ) ); // @link: https://core.trac.wordpress.org/ticket/20027 remove_filter( 'pre_option_stylesheet', array( $this, 'get_stylesheet' ) ); remove_filter( 'pre_option_template', array( $this, 'get_template' ) ); // Handle custom theme roots. remove_filter( 'pre_option_stylesheet_root', array( $this, 'get_stylesheet_root' ) ); remove_filter( 'pre_option_template_root', array( $this, 'get_template_root' ) ); } /** * Fires once the Customizer theme preview has stopped. * * @since 3.4.0 * * @param WP_Customize_Manager $manager WP_Customize_Manager instance. */ do_action( 'stop_previewing_theme', $this ); } /** * Gets whether settings are or will be previewed. * * @since 4.9.0 * * @see WP_Customize_Setting::preview() * * @return bool */ public function settings_previewed() { return $this->settings_previewed; } /** * Gets whether data from a changeset's autosaved revision should be loaded if it exists. * * @since 4.9.0 * * @see WP_Customize_Manager::changeset_data() * * @return bool Is using autosaved changeset revision. */ public function autosaved() { return $this->autosaved; } /** * Whether the changeset branching is allowed. * * @since 4.9.0 * * @see WP_Customize_Manager::establish_loaded_changeset() * * @return bool Is changeset branching. */ public function branching() { /** * Filters whether or not changeset branching is allowed. * * By default in core, when changeset branching is not allowed, changesets will operate * linearly in that only one saved changeset will exist at a time (with a 'draft' or * 'future' status). This makes the Customizer operate in a way that is similar to going to * "edit" to one existing post: all users will be making changes to the same post, and autosave * revisions will be made for that post. * * By contrast, when changeset branching is allowed, then the model is like users going * to "add new" for a page and each user makes changes independently of each other since * they are all operating on their own separate pages, each getting their own separate * initial auto-drafts and then once initially saved, autosave revisions on top of that * user's specific post. * * Since linear changesets are deemed to be more suitable for the majority of WordPress users, * they are the default. For WordPress sites that have heavy site management in the Customizer * by multiple users then branching changesets should be enabled by means of this filter. * * @since 4.9.0 * * @param bool $allow_branching Whether branching is allowed. If `false`, the default, * then only one saved changeset exists at a time. * @param WP_Customize_Manager $wp_customize Manager instance. */ $this->branching = apply_filters( 'customize_changeset_branching', $this->branching, $this ); return $this->branching; } /** * Gets the changeset UUID. * * @since 4.7.0 * * @see WP_Customize_Manager::establish_loaded_changeset() * * @return string UUID. */ public function changeset_uuid() { if ( empty( $this->_changeset_uuid ) ) { $this->establish_loaded_changeset(); } return $this->_changeset_uuid; } /** * Gets the theme being customized. * * @since 3.4.0 * * @return WP_Theme */ public function theme() { if ( ! $this->theme ) { $this->theme = wp_get_theme(); } return $this->theme; } /** * Gets the registered settings. * * @since 3.4.0 * * @return array */ public function settings() { return $this->settings; } /** * Gets the registered controls. * * @since 3.4.0 * * @return array */ public function controls() { return $this->controls; } /** * Gets the registered containers. * * @since 4.0.0 * * @return array */ public function containers() { return $this->containers; } /** * Gets the registered sections. * * @since 3.4.0 * * @return array */ public function sections() { return $this->sections; } /** * Gets the registered panels. * * @since 4.0.0 * * @return array Panels. */ public function panels() { return $this->panels; } /** * Checks if the current theme is active. * * @since 3.4.0 * * @return bool */ public function is_theme_active() { return $this->get_stylesheet() === $this->original_stylesheet; } /** * Registers styles/scripts and initialize the preview of each setting * * @since 3.4.0 */ public function wp_loaded() { /* * Unconditionally register core types for panels, sections, and controls * in case plugin unhooks all customize_register actions. */ $this->register_panel_type( 'WP_Customize_Panel' ); $this->register_panel_type( 'WP_Customize_Themes_Panel' ); $this->register_section_type( 'WP_Customize_Section' ); $this->register_section_type( 'WP_Customize_Sidebar_Section' ); $this->register_section_type( 'WP_Customize_Themes_Section' ); $this->register_control_type( 'WP_Customize_Color_Control' ); $this->register_control_type( 'WP_Customize_Media_Control' ); $this->register_control_type( 'WP_Customize_Upload_Control' ); $this->register_control_type( 'WP_Customize_Image_Control' ); $this->register_control_type( 'WP_Customize_Background_Image_Control' ); $this->register_control_type( 'WP_Customize_Background_Position_Control' ); $this->register_control_type( 'WP_Customize_Cropped_Image_Control' ); $this->register_control_type( 'WP_Customize_Site_Icon_Control' ); $this->register_control_type( 'WP_Customize_Theme_Control' ); $this->register_control_type( 'WP_Customize_Code_Editor_Control' ); $this->register_control_type( 'WP_Customize_Date_Time_Control' ); /** * Fires once WordPress has loaded, allowing scripts and styles to be initialized. * * @since 3.4.0 * * @param WP_Customize_Manager $manager WP_Customize_Manager instance. */ do_action( 'customize_register', $this ); if ( $this->settings_previewed() ) { foreach ( $this->settings as $setting ) { $setting->preview(); } } if ( $this->is_preview() && ! is_admin() ) { $this->customize_preview_init(); } } /** * Prevents Ajax requests from following redirects when previewing a theme * by issuing a 200 response instead of a 30x. * * Instead, the JS will sniff out the location header. * * @since 3.4.0 * @deprecated 4.7.0 * * @param int $status Status. * @return int */ public function wp_redirect_status( $status ) { _deprecated_function( __FUNCTION__, '4.7.0' ); if ( $this->is_preview() && ! is_admin() ) { return 200; } return $status; } /** * Finds the changeset post ID for a given changeset UUID. * * @since 4.7.0 * * @param string $uuid Changeset UUID. * @return int|null Returns post ID on success and null on failure. */ public function find_changeset_post_id( $uuid ) { $cache_group = 'customize_changeset_post'; $changeset_post_id = wp_cache_get( $uuid, $cache_group ); if ( $changeset_post_id && 'customize_changeset' === get_post_type( $changeset_post_id ) ) { return $changeset_post_id; } $changeset_post_query = new WP_Query( array( 'post_type' => 'customize_changeset', 'post_status' => get_post_stati(), 'name' => $uuid, 'posts_per_page' => 1, 'no_found_rows' => true, 'cache_results' => true, 'update_post_meta_cache' => false, 'update_post_term_cache' => false, 'lazy_load_term_meta' => false, ) ); if ( ! empty( $changeset_post_query->posts ) ) { // Note: 'fields'=>'ids' is not being used in order to cache the post object as it will be needed. $changeset_post_id = $changeset_post_query->posts[0]->ID; wp_cache_set( $uuid, $changeset_post_id, $cache_group ); return $changeset_post_id; } return null; } /** * Gets changeset posts. * * @since 4.9.0 * * @param array $args { * Args to pass into `get_posts()` to query changesets. * * @type int $posts_per_page Number of posts to return. Defaults to -1 (all posts). * @type int $author Post author. Defaults to current user. * @type string $post_status Status of changeset. Defaults to 'auto-draft'. * @type bool $exclude_restore_dismissed Whether to exclude changeset auto-drafts that have been dismissed. Defaults to true. * } * @return WP_Post[] Auto-draft changesets. */ protected function get_changeset_posts( $args = array() ) { $default_args = array( 'exclude_restore_dismissed' => true, 'posts_per_page' => -1, 'post_type' => 'customize_changeset', 'post_status' => 'auto-draft', 'order' => 'DESC', 'orderby' => 'date', 'no_found_rows' => true, 'cache_results' => true, 'update_post_meta_cache' => false, 'update_post_term_cache' => false, 'lazy_load_term_meta' => false, ); if ( get_current_user_id() ) { $default_args['author'] = get_current_user_id(); } $args = array_merge( $default_args, $args ); if ( ! empty( $args['exclude_restore_dismissed'] ) ) { unset( $args['exclude_restore_dismissed'] ); $args['meta_query'] = array( array( 'key' => '_customize_restore_dismissed', 'compare' => 'NOT EXISTS', ), ); } return get_posts( $args ); } /** * Dismisses all of the current user's auto-drafts (other than the present one). * * @since 4.9.0 * @return int The number of auto-drafts that were dismissed. */ protected function dismiss_user_auto_draft_changesets() { $changeset_autodraft_posts = $this->get_changeset_posts( array( 'post_status' => 'auto-draft', 'exclude_restore_dismissed' => true, 'posts_per_page' => -1, ) ); $dismissed = 0; foreach ( $changeset_autodraft_posts as $autosave_autodraft_post ) { if ( $autosave_autodraft_post->ID === $this->changeset_post_id() ) { continue; } if ( update_post_meta( $autosave_autodraft_post->ID, '_customize_restore_dismissed', true ) ) { ++$dismissed; } } return $dismissed; } /** * Gets the changeset post ID for the loaded changeset. * * @since 4.7.0 * * @return int|null Post ID on success or null if there is no post yet saved. */ public function changeset_post_id() { if ( ! isset( $this->_changeset_post_id ) ) { $post_id = $this->find_changeset_post_id( $this->changeset_uuid() ); if ( ! $post_id ) { $post_id = false; } $this->_changeset_post_id = $post_id; } if ( false === $this->_changeset_post_id ) { return null; } return $this->_changeset_post_id; } /** * Gets the data stored in a changeset post. * * @since 4.7.0 * * @param int $post_id Changeset post ID. * @return array|WP_Error Changeset data or WP_Error on error. */ protected function get_changeset_post_data( $post_id ) { if ( ! $post_id ) { return new WP_Error( 'empty_post_id' ); } $changeset_post = get_post( $post_id ); if ( ! $changeset_post ) { return new WP_Error( 'missing_post' ); } if ( 'revision' === $changeset_post->post_type ) { if ( 'customize_changeset' !== get_post_type( $changeset_post->post_parent ) ) { return new WP_Error( 'wrong_post_type' ); } } elseif ( 'customize_changeset' !== $changeset_post->post_type ) { return new WP_Error( 'wrong_post_type' ); } $changeset_data = json_decode( $changeset_post->post_content, true ); $last_error = json_last_error(); if ( $last_error ) { return new WP_Error( 'json_parse_error', '', $last_error ); } if ( ! is_array( $changeset_data ) ) { return new WP_Error( 'expected_array' ); } return $changeset_data; } /** * Gets changeset data. * * @since 4.7.0 * @since 4.9.0 This will return the changeset's data with a user's autosave revision merged on top, if one exists and $autosaved is true. * * @return array Changeset data. */ public function changeset_data() { if ( isset( $this->_changeset_data ) ) { return $this->_changeset_data; } $changeset_post_id = $this->changeset_post_id(); if ( ! $changeset_post_id ) { $this->_changeset_data = array(); } else { if ( $this->autosaved() && is_user_logged_in() ) { $autosave_post = wp_get_post_autosave( $changeset_post_id, get_current_user_id() ); if ( $autosave_post ) { $data = $this->get_changeset_post_data( $autosave_post->ID ); if ( ! is_wp_error( $data ) ) { $this->_changeset_data = $data; } } } // Load data from the changeset if it was not loaded from an autosave. if ( ! isset( $this->_changeset_data ) ) { $data = $this->get_changeset_post_data( $changeset_post_id ); if ( ! is_wp_error( $data ) ) { $this->_changeset_data = $data; } else { $this->_changeset_data = array(); } } } return $this->_changeset_data; } /** * Starter content setting IDs. * * @since 4.7.0 * @var array */ protected $pending_starter_content_settings_ids = array(); /** * Imports theme starter content into the customized state. * * @since 4.7.0 * * @param array $starter_content Starter content. Defaults to `get_theme_starter_content()`. */ public function import_theme_starter_content( $starter_content = array() ) { if ( empty( $starter_content ) ) { $starter_content = get_theme_starter_content(); } $changeset_data = array(); if ( $this->changeset_post_id() ) { /* * Don't re-import starter content into a changeset saved persistently. * This will need to be revisited in the future once theme switching * is allowed with drafted/scheduled changesets, since switching to * another theme could result in more starter content being applied. * However, when doing an explicit save it is currently possible for * nav menus and nav menu items specifically to lose their starter_content * flags, thus resulting in duplicates being created since they fail * to get re-used. See #40146. */ if ( 'auto-draft' !== get_post_status( $this->changeset_post_id() ) ) { return; } $changeset_data = $this->get_changeset_post_data( $this->changeset_post_id() ); } $sidebars_widgets = isset( $starter_content['widgets'] ) && ! empty( $this->widgets ) ? $starter_content['widgets'] : array(); $attachments = isset( $starter_content['attachments'] ) && ! empty( $this->nav_menus ) ? $starter_content['attachments'] : array(); $posts = isset( $starter_content['posts'] ) && ! empty( $this->nav_menus ) ? $starter_content['posts'] : array(); $options = isset( $starter_content['options'] ) ? $starter_content['options'] : array(); $nav_menus = isset( $starter_content['nav_menus'] ) && ! empty( $this->nav_menus ) ? $starter_content['nav_menus'] : array(); $theme_mods = isset( $starter_content['theme_mods'] ) ? $starter_content['theme_mods'] : array(); // Widgets. $max_widget_numbers = array(); foreach ( $sidebars_widgets as $sidebar_id => $widgets ) { $sidebar_widget_ids = array(); foreach ( $widgets as $widget ) { list( $id_base, $instance ) = $widget; if ( ! isset( $max_widget_numbers[ $id_base ] ) ) { // When $settings is an array-like object, get an intrinsic array for use with array_keys(). $settings = get_option( "widget_{$id_base}", array() ); if ( $settings instanceof ArrayObject || $settings instanceof ArrayIterator ) { $settings = $settings->getArrayCopy(); } unset( $settings['_multiwidget'] ); // Find the max widget number for this type. $widget_numbers = array_keys( $settings ); if ( count( $widget_numbers ) > 0 ) { $widget_numbers[] = 1; $max_widget_numbers[ $id_base ] = max( ...$widget_numbers ); } else { $max_widget_numbers[ $id_base ] = 1; } } $max_widget_numbers[ $id_base ] += 1; $widget_id = sprintf( '%s-%d', $id_base, $max_widget_numbers[ $id_base ] ); $setting_id = sprintf( 'widget_%s[%d]', $id_base, $max_widget_numbers[ $id_base ] ); $setting_value = $this->widgets->sanitize_widget_js_instance( $instance ); if ( empty( $changeset_data[ $setting_id ] ) || ! empty( $changeset_data[ $setting_id ]['starter_content'] ) ) { $this->set_post_value( $setting_id, $setting_value ); $this->pending_starter_content_settings_ids[] = $setting_id; } $sidebar_widget_ids[] = $widget_id; } $setting_id = sprintf( 'sidebars_widgets[%s]', $sidebar_id ); if ( empty( $changeset_data[ $setting_id ] ) || ! empty( $changeset_data[ $setting_id ]['starter_content'] ) ) { $this->set_post_value( $setting_id, $sidebar_widget_ids ); $this->pending_starter_content_settings_ids[] = $setting_id; } } $starter_content_auto_draft_post_ids = array(); if ( ! empty( $changeset_data['nav_menus_created_posts']['value'] ) ) { $starter_content_auto_draft_post_ids = array_merge( $starter_content_auto_draft_post_ids, $changeset_data['nav_menus_created_posts']['value'] ); } // Make an index of all the posts needed and what their slugs are. $needed_posts = array(); $attachments = $this->prepare_starter_content_attachments( $attachments ); foreach ( $attachments as $attachment ) { $key = 'attachment:' . $attachment['post_name']; $needed_posts[ $key ] = true; } foreach ( array_keys( $posts ) as $post_symbol ) { if ( empty( $posts[ $post_symbol ]['post_name'] ) && empty( $posts[ $post_symbol ]['post_title'] ) ) { unset( $posts[ $post_symbol ] ); continue; } if ( empty( $posts[ $post_symbol ]['post_name'] ) ) { $posts[ $post_symbol ]['post_name'] = sanitize_title( $posts[ $post_symbol ]['post_title'] ); } if ( empty( $posts[ $post_symbol ]['post_type'] ) ) { $posts[ $post_symbol ]['post_type'] = 'post'; } $needed_posts[ $posts[ $post_symbol ]['post_type'] . ':' . $posts[ $post_symbol ]['post_name'] ] = true; } $all_post_slugs = array_merge( wp_list_pluck( $attachments, 'post_name' ), wp_list_pluck( $posts, 'post_name' ) ); /* * Obtain all post types referenced in starter content to use in query. * This is needed because 'any' will not account for post types not yet registered. */ $post_types = array_filter( array_merge( array( 'attachment' ), wp_list_pluck( $posts, 'post_type' ) ) ); // Re-use auto-draft starter content posts referenced in the current customized state. $existing_starter_content_posts = array(); if ( ! empty( $starter_content_auto_draft_post_ids ) ) { $existing_posts_query = new WP_Query( array( 'post__in' => $starter_content_auto_draft_post_ids, 'post_status' => 'auto-draft', 'post_type' => $post_types, 'posts_per_page' => -1, ) ); foreach ( $existing_posts_query->posts as $existing_post ) { $post_name = $existing_post->post_name; if ( empty( $post_name ) ) { $post_name = get_post_meta( $existing_post->ID, '_customize_draft_post_name', true ); } $existing_starter_content_posts[ $existing_post->post_type . ':' . $post_name ] = $existing_post; } } // Re-use non-auto-draft posts. if ( ! empty( $all_post_slugs ) ) { $existing_posts_query = new WP_Query( array( 'post_name__in' => $all_post_slugs, 'post_status' => array_diff( get_post_stati(), array( 'auto-draft' ) ), 'post_type' => 'any', 'posts_per_page' => -1, ) ); foreach ( $existing_posts_query->posts as $existing_post ) { $key = $existing_post->post_type . ':' . $existing_post->post_name; if ( isset( $needed_posts[ $key ] ) && ! isset( $existing_starter_content_posts[ $key ] ) ) { $existing_starter_content_posts[ $key ] = $existing_post; } } } // Attachments are technically posts but handled differently. if ( ! empty( $attachments ) ) { $attachment_ids = array(); foreach ( $attachments as $symbol => $attachment ) { $file_array = array( 'name' => $attachment['file_name'], ); $file_path = $attachment['file_path']; $attachment_id = null; $attached_file = null; if ( isset( $existing_starter_content_posts[ 'attachment:' . $attachment['post_name'] ] ) ) { $attachment_post = $existing_starter_content_posts[ 'attachment:' . $attachment['post_name'] ]; $attachment_id = $attachment_post->ID; $attached_file = get_attached_file( $attachment_id ); if ( empty( $attached_file ) || ! file_exists( $attached_file ) ) { $attachment_id = null; $attached_file = null; } elseif ( $this->get_stylesheet() !== get_post_meta( $attachment_post->ID, '_starter_content_theme', true ) ) { // Re-generate attachment metadata since it was previously generated for a different theme. $metadata = wp_generate_attachment_metadata( $attachment_post->ID, $attached_file ); wp_update_attachment_metadata( $attachment_id, $metadata ); update_post_meta( $attachment_id, '_starter_content_theme', $this->get_stylesheet() ); } } // Insert the attachment auto-draft because it doesn't yet exist or the attached file is gone. if ( ! $attachment_id ) { // Copy file to temp location so that original file won't get deleted from theme after sideloading. $temp_file_name = wp_tempnam( wp_basename( $file_path ) ); if ( $temp_file_name && copy( $file_path, $temp_file_name ) ) { $file_array['tmp_name'] = $temp_file_name; } if ( empty( $file_array['tmp_name'] ) ) { continue; } $attachment_post_data = array_merge( wp_array_slice_assoc( $attachment, array( 'post_title', 'post_content', 'post_excerpt' ) ), array( 'post_status' => 'auto-draft', // So attachment will be garbage collected in a week if changeset is never published. ) ); $attachment_id = media_handle_sideload( $file_array, 0, null, $attachment_post_data ); if ( is_wp_error( $attachment_id ) ) { continue; } update_post_meta( $attachment_id, '_starter_content_theme', $this->get_stylesheet() ); update_post_meta( $attachment_id, '_customize_draft_post_name', $attachment['post_name'] ); } $attachment_ids[ $symbol ] = $attachment_id; } $starter_content_auto_draft_post_ids = array_merge( $starter_content_auto_draft_post_ids, array_values( $attachment_ids ) ); } // Posts & pages. if ( ! empty( $posts ) ) { foreach ( array_keys( $posts ) as $post_symbol ) { if ( empty( $posts[ $post_symbol ]['post_type'] ) || empty( $posts[ $post_symbol ]['post_name'] ) ) { continue; } $post_type = $posts[ $post_symbol ]['post_type']; if ( ! empty( $posts[ $post_symbol ]['post_name'] ) ) { $post_name = $posts[ $post_symbol ]['post_name']; } elseif ( ! empty( $posts[ $post_symbol ]['post_title'] ) ) { $post_name = sanitize_title( $posts[ $post_symbol ]['post_title'] ); } else { continue; } // Use existing auto-draft post if one already exists with the same type and name. if ( isset( $existing_starter_content_posts[ $post_type . ':' . $post_name ] ) ) { $posts[ $post_symbol ]['ID'] = $existing_starter_content_posts[ $post_type . ':' . $post_name ]->ID; continue; } // Translate the featured image symbol. if ( ! empty( $posts[ $post_symbol ]['thumbnail'] ) && preg_match( '/^{{(?P<symbol>.+)}}$/', $posts[ $post_symbol ]['thumbnail'], $matches ) && isset( $attachment_ids[ $matches['symbol'] ] ) ) { $posts[ $post_symbol ]['meta_input']['_thumbnail_id'] = $attachment_ids[ $matches['symbol'] ]; } if ( ! empty( $posts[ $post_symbol ]['template'] ) ) { $posts[ $post_symbol ]['meta_input']['_wp_page_template'] = $posts[ $post_symbol ]['template']; } $r = $this->nav_menus->insert_auto_draft_post( $posts[ $post_symbol ] ); if ( $r instanceof WP_Post ) { $posts[ $post_symbol ]['ID'] = $r->ID; } } $starter_content_auto_draft_post_ids = array_merge( $starter_content_auto_draft_post_ids, wp_list_pluck( $posts, 'ID' ) ); } // The nav_menus_created_posts setting is why nav_menus component is dependency for adding posts. if ( ! empty( $this->nav_menus ) && ! empty( $starter_content_auto_draft_post_ids ) ) { $setting_id = 'nav_menus_created_posts'; $this->set_post_value( $setting_id, array_unique( array_values( $starter_content_auto_draft_post_ids ) ) ); $this->pending_starter_content_settings_ids[] = $setting_id; } // Nav menus. $placeholder_id = -1; $reused_nav_menu_setting_ids = array(); foreach ( $nav_menus as $nav_menu_location => $nav_menu ) { $nav_menu_term_id = null; $nav_menu_setting_id = null; $matches = array(); // Look for an existing placeholder menu with starter content to re-use. foreach ( $changeset_data as $setting_id => $setting_params ) { $can_reuse = ( ! empty( $setting_params['starter_content'] ) && ! in_array( $setting_id, $reused_nav_menu_setting_ids, true ) && preg_match( '#^nav_menu\[(?P<nav_menu_id>-?\d+)\]$#', $setting_id, $matches ) ); if ( $can_reuse ) { $nav_menu_term_id = (int) $matches['nav_menu_id']; $nav_menu_setting_id = $setting_id; $reused_nav_menu_setting_ids[] = $setting_id; break; } } if ( ! $nav_menu_term_id ) { while ( isset( $changeset_data[ sprintf( 'nav_menu[%d]', $placeholder_id ) ] ) ) { --$placeholder_id; } $nav_menu_term_id = $placeholder_id; $nav_menu_setting_id = sprintf( 'nav_menu[%d]', $placeholder_id ); } $this->set_post_value( $nav_menu_setting_id, array( 'name' => isset( $nav_menu['name'] ) ? $nav_menu['name'] : $nav_menu_location, ) ); $this->pending_starter_content_settings_ids[] = $nav_menu_setting_id; // @todo Add support for menu_item_parent. $position = 0; foreach ( $nav_menu['items'] as $nav_menu_item ) { $nav_menu_item_setting_id = sprintf( 'nav_menu_item[%d]', $placeholder_id-- ); if ( ! isset( $nav_menu_item['position'] ) ) { $nav_menu_item['position'] = $position++; } $nav_menu_item['nav_menu_term_id'] = $nav_menu_term_id; if ( isset( $nav_menu_item['object_id'] ) ) { if ( 'post_type' === $nav_menu_item['type'] && preg_match( '/^{{(?P<symbol>.+)}}$/', $nav_menu_item['object_id'], $matches ) && isset( $posts[ $matches['symbol'] ] ) ) { $nav_menu_item['object_id'] = $posts[ $matches['symbol'] ]['ID']; if ( empty( $nav_menu_item['title'] ) ) { $original_object = get_post( $nav_menu_item['object_id'] ); $nav_menu_item['title'] = $original_object->post_title; } } else { continue; } } else { $nav_menu_item['object_id'] = 0; } if ( empty( $changeset_data[ $nav_menu_item_setting_id ] ) || ! empty( $changeset_data[ $nav_menu_item_setting_id ]['starter_content'] ) ) { $this->set_post_value( $nav_menu_item_setting_id, $nav_menu_item ); $this->pending_starter_content_settings_ids[] = $nav_menu_item_setting_id; } } $setting_id = sprintf( 'nav_menu_locations[%s]', $nav_menu_location ); if ( empty( $changeset_data[ $setting_id ] ) || ! empty( $changeset_data[ $setting_id ]['starter_content'] ) ) { $this->set_post_value( $setting_id, $nav_menu_term_id ); $this->pending_starter_content_settings_ids[] = $setting_id; } } // Options. foreach ( $options as $name => $value ) { // Serialize the value to check for post symbols. $value = maybe_serialize( $value ); if ( is_serialized( $value ) ) { if ( preg_match( '/s:\d+:"{{(?P<symbol>.+)}}"/', $value, $matches ) ) { if ( isset( $posts[ $matches['symbol'] ] ) ) { $symbol_match = $posts[ $matches['symbol'] ]['ID']; } elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) { $symbol_match = $attachment_ids[ $matches['symbol'] ]; } // If we have any symbol matches, update the values. if ( isset( $symbol_match ) ) { // Replace found string matches with post IDs. $value = str_replace( $matches[0], "i:{$symbol_match}", $value ); } else { continue; } } } elseif ( preg_match( '/^{{(?P<symbol>.+)}}$/', $value, $matches ) ) { if ( isset( $posts[ $matches['symbol'] ] ) ) { $value = $posts[ $matches['symbol'] ]['ID']; } elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) { $value = $attachment_ids[ $matches['symbol'] ]; } else { continue; } } // Unserialize values after checking for post symbols, so they can be properly referenced. $value = maybe_unserialize( $value ); if ( empty( $changeset_data[ $name ] ) || ! empty( $changeset_data[ $name ]['starter_content'] ) ) { $this->set_post_value( $name, $value ); $this->pending_starter_content_settings_ids[] = $name; } } // Theme mods. foreach ( $theme_mods as $name => $value ) { // Serialize the value to check for post symbols. $value = maybe_serialize( $value ); // Check if value was serialized. if ( is_serialized( $value ) ) { if ( preg_match( '/s:\d+:"{{(?P<symbol>.+)}}"/', $value, $matches ) ) { if ( isset( $posts[ $matches['symbol'] ] ) ) { $symbol_match = $posts[ $matches['symbol'] ]['ID']; } elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) { $symbol_match = $attachment_ids[ $matches['symbol'] ]; } // If we have any symbol matches, update the values. if ( isset( $symbol_match ) ) { // Replace found string matches with post IDs. $value = str_replace( $matches[0], "i:{$symbol_match}", $value ); } else { continue; } } } elseif ( preg_match( '/^{{(?P<symbol>.+)}}$/', $value, $matches ) ) { if ( isset( $posts[ $matches['symbol'] ] ) ) { $value = $posts[ $matches['symbol'] ]['ID']; } elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) { $value = $attachment_ids[ $matches['symbol'] ]; } else { continue; } } // Unserialize values after checking for post symbols, so they can be properly referenced. $value = maybe_unserialize( $value ); // Handle header image as special case since setting has a legacy format. if ( 'header_image' === $name ) { $name = 'header_image_data'; $metadata = wp_get_attachment_metadata( $value ); if ( empty( $metadata ) ) { continue; } $value = array( 'attachment_id' => $value, 'url' => wp_get_attachment_url( $value ), 'height' => $metadata['height'], 'width' => $metadata['width'], ); } elseif ( 'background_image' === $name ) { $value = wp_get_attachment_url( $value ); } if ( empty( $changeset_data[ $name ] ) || ! empty( $changeset_data[ $name ]['starter_content'] ) ) { $this->set_post_value( $name, $value ); $this->pending_starter_content_settings_ids[] = $name; } } if ( ! empty( $this->pending_starter_content_settings_ids ) ) { if ( did_action( 'customize_register' ) ) { $this->_save_starter_content_changeset(); } else { add_action( 'customize_register', array( $this, '_save_starter_content_changeset' ), 1000 ); } } } /** * Prepares starter content attachments. * * Ensure that the attachments are valid and that they have slugs and file name/path. * * @since 4.7.0 * * @param array $attachments Attachments. * @return array Prepared attachments. */ protected function prepare_starter_content_attachments( $attachments ) { $prepared_attachments = array(); if ( empty( $attachments ) ) { return $prepared_attachments; } // Such is The WordPress Way. require_once ABSPATH . 'wp-admin/includes/file.php'; require_once ABSPATH . 'wp-admin/includes/media.php'; require_once ABSPATH . 'wp-admin/includes/image.php'; foreach ( $attachments as $symbol => $attachment ) { // A file is required and URLs to files are not currently allowed. if ( empty( $attachment['file'] ) || preg_match( '#^https?://$#', $attachment['file'] ) ) { continue; } $file_path = null; if ( file_exists( $attachment['file'] ) ) { $file_path = $attachment['file']; // Could be absolute path to file in plugin. } elseif ( is_child_theme() && file_exists( get_stylesheet_directory() . '/' . $attachment['file'] ) ) { $file_path = get_stylesheet_directory() . '/' . $attachment['file']; } elseif ( file_exists( get_template_directory() . '/' . $attachment['file'] ) ) { $file_path = get_template_directory() . '/' . $attachment['file']; } else { continue; } $file_name = wp_basename( $attachment['file'] ); // Skip file types that are not recognized. $checked_filetype = wp_check_filetype( $file_name ); if ( empty( $checked_filetype['type'] ) ) { continue; } // Ensure post_name is set since not automatically derived from post_title for new auto-draft posts. if ( empty( $attachment['post_name'] ) ) { if ( ! empty( $attachment['post_title'] ) ) { $attachment['post_name'] = sanitize_title( $attachment['post_title'] ); } else { $attachment['post_name'] = sanitize_title( preg_replace( '/\.\w+$/', '', $file_name ) ); } } $attachment['file_name'] = $file_name; $attachment['file_path'] = $file_path; $prepared_attachments[ $symbol ] = $attachment; } return $prepared_attachments; } /** * Saves starter content changeset. * * @since 4.7.0 */ public function _save_starter_content_changeset() { if ( empty( $this->pending_starter_content_settings_ids ) ) { return; } $this->save_changeset_post( array( 'data' => array_fill_keys( $this->pending_starter_content_settings_ids, array( 'starter_content' => true ) ), 'starter_content' => true, ) ); $this->saved_starter_content_changeset = true; $this->pending_starter_content_settings_ids = array(); } /** * Gets dirty pre-sanitized setting values in the current customized state. * * The returned array consists of a merge of three sources: * 1. If the theme is not currently active, then the base array is any stashed * theme mods that were modified previously but never published. * 2. The values from the current changeset, if it exists. * 3. If the user can customize, the values parsed from the incoming * `$_POST['customized']` JSON data. * 4. Any programmatically-set post values via `WP_Customize_Manager::set_post_value()`. * * The name "unsanitized_post_values" is a carry-over from when the customized * state was exclusively sourced from `$_POST['customized']`. Nevertheless, * the value returned will come from the current changeset post and from the * incoming post data. * * @since 4.1.1 * @since 4.7.0 Added `$args` parameter and merging with changeset values and stashed theme mods. * * @param array $args { * Args. * * @type bool $exclude_changeset Whether the changeset values should also be excluded. Defaults to false. * @type bool $exclude_post_data Whether the post input values should also be excluded. Defaults to false when lacking the customize capability. * } * @return array */ public function unsanitized_post_values( $args = array() ) { $args = array_merge( array( 'exclude_changeset' => false, 'exclude_post_data' => ! current_user_can( 'customize' ), ), $args ); $values = array(); // Let default values be from the stashed theme mods if doing a theme switch and if no changeset is present. if ( ! $this->is_theme_active() ) { $stashed_theme_mods = get_option( 'customize_stashed_theme_mods' ); $stylesheet = $this->get_stylesheet(); if ( isset( $stashed_theme_mods[ $stylesheet ] ) ) { $values = array_merge( $values, wp_list_pluck( $stashed_theme_mods[ $stylesheet ], 'value' ) ); } } if ( ! $args['exclude_changeset'] ) { foreach ( $this->changeset_data() as $setting_id => $setting_params ) { if ( ! array_key_exists( 'value', $setting_params ) ) { continue; } if ( isset( $setting_params['type'] ) && 'theme_mod' === $setting_params['type'] ) { // Ensure that theme mods values are only used if they were saved under the active theme. $namespace_pattern = '/^(?P<stylesheet>.+?)::(?P<setting_id>.+)$/'; if ( preg_match( $namespace_pattern, $setting_id, $matches ) && $this->get_stylesheet() === $matches['stylesheet'] ) { $values[ $matches['setting_id'] ] = $setting_params['value']; } } else { $values[ $setting_id ] = $setting_params['value']; } } } if ( ! $args['exclude_post_data'] ) { if ( ! isset( $this->_post_values ) ) { if ( isset( $_POST['customized'] ) ) { $post_values = json_decode( wp_unslash( $_POST['customized'] ), true ); } else { $post_values = array(); } if ( is_array( $post_values ) ) { $this->_post_values = $post_values; } else { $this->_post_values = array(); } } $values = array_merge( $values, $this->_post_values ); } return $values; } /** * Returns the sanitized value for a given setting from the current customized state. * * The name "post_value" is a carry-over from when the customized state was exclusively * sourced from `$_POST['customized']`. Nevertheless, the value returned will come * from the current changeset post and from the incoming post data. * * @since 3.4.0 * @since 4.1.1 Introduced the `$default_value` parameter. * @since 4.6.0 `$default_value` is now returned early when the setting post value is invalid. * * @see WP_REST_Server::dispatch() * @see WP_REST_Request::sanitize_params() * @see WP_REST_Request::has_valid_params() * * @param WP_Customize_Setting $setting A WP_Customize_Setting derived object. * @param mixed $default_value Value returned if `$setting` has no post value (added in 4.2.0) * or the post value is invalid (added in 4.6.0). * @return string|mixed Sanitized value or the `$default_value` provided. */ public function post_value( $setting, $default_value = null ) { $post_values = $this->unsanitized_post_values(); if ( ! array_key_exists( $setting->id, $post_values ) ) { return $default_value; } $value = $post_values[ $setting->id ]; $valid = $setting->validate( $value ); if ( is_wp_error( $valid ) ) { return $default_value; } $value = $setting->sanitize( $value ); if ( is_null( $value ) || is_wp_error( $value ) ) { return $default_value; } return $value; } /** * Overrides a setting's value in the current customized state. * * The name "post_value" is a carry-over from when the customized state was * exclusively sourced from `$_POST['customized']`. * * @since 4.2.0 * * @param string $setting_id ID for the WP_Customize_Setting instance. * @param mixed $value Post value. */ public function set_post_value( $setting_id, $value ) { $this->unsanitized_post_values(); // Populate _post_values from $_POST['customized']. $this->_post_values[ $setting_id ] = $value; /** * Announces when a specific setting's unsanitized post value has been set. * * Fires when the WP_Customize_Manager::set_post_value() method is called. * * The dynamic portion of the hook name, `$setting_id`, refers to the setting ID. * * @since 4.4.0 * * @param mixed $value Unsanitized setting post value. * @param WP_Customize_Manager $manager WP_Customize_Manager instance. */ do_action( "customize_post_value_set_{$setting_id}", $value, $this ); /** * Announces when any setting's unsanitized post value has been set. * * Fires when the WP_Customize_Manager::set_post_value() method is called. * * This is useful for `WP_Customize_Setting` instances to watch * in order to update a cached previewed value. * * @since 4.4.0 * * @param string $setting_id Setting ID. * @param mixed $value Unsanitized setting post value. * @param WP_Customize_Manager $manager WP_Customize_Manager instance. */ do_action( 'customize_post_value_set', $setting_id, $value, $this ); } /** * Prints JavaScript settings. * * @since 3.4.0 */ public function customize_preview_init() { /* * Now that Customizer previews are loaded into iframes via GET requests * and natural URLs with transaction UUIDs added, we need to ensure that * the responses are never cached by proxies. In practice, this will not * be needed if the user is logged-in anyway. But if anonymous access is * allowed then the auth cookies would not be sent and WordPress would * not send no-cache headers by default. */ if ( ! headers_sent() ) { nocache_headers(); header( 'X-Robots: noindex, nofollow, noarchive' ); header( 'X-Robots-Tag: noindex, nofollow, noarchive' ); } add_filter( 'wp_robots', 'wp_robots_no_robots' ); add_filter( 'wp_headers', array( $this, 'filter_iframe_security_headers' ) ); /* * If preview is being served inside the customizer preview iframe, and * if the user doesn't have customize capability, then it is assumed * that the user's session has expired and they need to re-authenticate. */ if ( $this->messenger_channel && ! current_user_can( 'customize' ) ) { $this->wp_die( -1, sprintf( /* translators: %s: customize_messenger_channel */ __( 'Unauthorized. You may remove the %s param to preview as frontend.' ), '<code>customize_messenger_channel<code>' ) ); return; } $this->prepare_controls(); add_filter( 'wp_redirect', array( $this, 'add_state_query_params' ) ); wp_enqueue_script( 'customize-preview' ); wp_enqueue_style( 'customize-preview' ); add_action( 'wp_head', array( $this, 'customize_preview_loading_style' ) ); add_action( 'wp_head', array( $this, 'remove_frameless_preview_messenger_channel' ) ); add_action( 'wp_footer', array( $this, 'customize_preview_settings' ), 20 ); add_filter( 'get_edit_post_link', '__return_empty_string' ); /** * Fires once the Customizer preview has initialized and JavaScript * settings have been printed. * * @since 3.4.0 * * @param WP_Customize_Manager $manager WP_Customize_Manager instance. */ do_action( 'customize_preview_init', $this ); } /** * Filters the X-Frame-Options and Content-Security-Policy headers to ensure frontend can load in customizer. * * @since 4.7.0 * * @param array $headers Headers. * @return array Headers. */ public function filter_iframe_security_headers( $headers ) { $headers['X-Frame-Options'] = 'SAMEORIGIN'; $headers['Content-Security-Policy'] = "frame-ancestors 'self'"; return $headers; } /** * Adds customize state query params to a given URL if preview is allowed. * * @since 4.7.0 * * @see wp_redirect() * @see WP_Customize_Manager::get_allowed_url() * * @param string $url URL. * @return string URL. */ public function add_state_query_params( $url ) { $parsed_original_url = wp_parse_url( $url ); $is_allowed = false; foreach ( $this->get_allowed_urls() as $allowed_url ) { $parsed_allowed_url = wp_parse_url( $allowed_url ); $is_allowed = ( $parsed_allowed_url['scheme'] === $parsed_original_url['scheme'] && $parsed_allowed_url['host'] === $parsed_original_url['host'] && str_starts_with( $parsed_original_url['path'], $parsed_allowed_url['path'] ) ); if ( $is_allowed ) { break; } } if ( $is_allowed ) { $query_params = array( 'customize_changeset_uuid' => $this->changeset_uuid(), ); if ( ! $this->is_theme_active() ) { $query_params['customize_theme'] = $this->get_stylesheet(); } if ( $this->messenger_channel ) { $query_params['customize_messenger_channel'] = $this->messenger_channel; } $url = add_query_arg( $query_params, $url ); } return $url; } /** * Prevents sending a 404 status when returning the response for the customize * preview, since it causes the jQuery Ajax to fail. Send 200 instead. * * @since 4.0.0 * @deprecated 4.7.0 */ public function customize_preview_override_404_status() { _deprecated_function( __METHOD__, '4.7.0' ); } /** * Prints base element for preview frame. * * @since 3.4.0 * @deprecated 4.7.0 */ public function customize_preview_base() { _deprecated_function( __METHOD__, '4.7.0' ); } /** * Prints a workaround to handle HTML5 tags in IE < 9. * * @since 3.4.0 * @deprecated 4.7.0 Customizer no longer supports IE8, so all supported browsers recognize HTML5. */ public function customize_preview_html5() { _deprecated_function( __FUNCTION__, '4.7.0' ); } /** * Prints CSS for loading indicators for the Customizer preview. * * @since 4.2.0 */ public function customize_preview_loading_style() { ?> <style> body.wp-customizer-unloading { opacity: 0.25; cursor: progress !important; -webkit-transition: opacity 0.5s; transition: opacity 0.5s; } body.wp-customizer-unloading * { pointer-events: none !important; } form.customize-unpreviewable, form.customize-unpreviewable input, form.customize-unpreviewable select, form.customize-unpreviewable button, a.customize-unpreviewable, area.customize-unpreviewable { cursor: not-allowed !important; } </style> <?php } /** * Removes customize_messenger_channel query parameter from the preview window when it is not in an iframe. * * This ensures that the admin bar will be shown. It also ensures that link navigation will * work as expected since the parent frame is not being sent the URL to navigate to. * * @since 4.7.0 */ public function remove_frameless_preview_messenger_channel() { if ( ! $this->messenger_channel ) { return; } ob_start(); ?> <script> ( function() { if ( parent !== window ) { return; } const url = new URL( location.href ); if ( url.searchParams.has( 'customize_messenger_channel' ) ) { url.searchParams.delete( 'customize_messenger_channel' ); location.replace( url ); } } )(); </script> <?php wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) . "\n//# sourceURL=" . rawurlencode( __METHOD__ ) ); } /** * Prints JavaScript settings for preview frame. * * @since 3.4.0 */ public function customize_preview_settings() { $post_values = $this->unsanitized_post_values( array( 'exclude_changeset' => true ) ); $setting_validities = $this->validate_setting_values( $post_values ); $exported_setting_validities = array_map( array( $this, 'prepare_setting_validity_for_js' ), $setting_validities ); // Note that the REQUEST_URI is not passed into home_url() since this breaks subdirectory installations. $self_url = empty( $_SERVER['REQUEST_URI'] ) ? home_url( '/' ) : sanitize_url( wp_unslash( $_SERVER['REQUEST_URI'] ) ); $state_query_params = array( 'customize_theme', 'customize_changeset_uuid', 'customize_messenger_channel', ); $self_url = remove_query_arg( $state_query_params, $self_url ); $allowed_urls = $this->get_allowed_urls(); $allowed_hosts = array(); foreach ( $allowed_urls as $allowed_url ) { $parsed = wp_parse_url( $allowed_url ); if ( empty( $parsed['host'] ) ) { continue; } $host = $parsed['host']; if ( ! empty( $parsed['port'] ) ) { $host .= ':' . $parsed['port']; } $allowed_hosts[] = $host; } $switched_locale = switch_to_user_locale( get_current_user_id() ); $l10n = array( 'shiftClickToEdit' => __( 'Shift-click to edit this element.' ), 'linkUnpreviewable' => __( 'This link is not live-previewable.' ), 'formUnpreviewable' => __( 'This form is not live-previewable.' ), ); if ( $switched_locale ) { restore_previous_locale(); } $settings = array( 'changeset' => array( 'uuid' => $this->changeset_uuid(), 'autosaved' => $this->autosaved(), ), 'timeouts' => array( 'selectiveRefresh' => 250, 'keepAliveSend' => 1000, ), 'theme' => array( 'stylesheet' => $this->get_stylesheet(), 'active' => $this->is_theme_active(), 'isBlockTheme' => wp_is_block_theme(), ), 'url' => array( 'self' => $self_url, 'allowed' => array_map( 'sanitize_url', $this->get_allowed_urls() ), 'allowedHosts' => array_unique( $allowed_hosts ), 'isCrossDomain' => $this->is_cross_domain(), ), 'channel' => $this->messenger_channel, 'activePanels' => array(), 'activeSections' => array(), 'activeControls' => array(), 'settingValidities' => $exported_setting_validities, 'nonce' => current_user_can( 'customize' ) ? $this->get_nonces() : array(), 'l10n' => $l10n, '_dirty' => array_keys( $post_values ), ); foreach ( $this->panels as $panel_id => $panel ) { if ( $panel->check_capabilities() ) { $settings['activePanels'][ $panel_id ] = $panel->active(); foreach ( $panel->sections as $section_id => $section ) { if ( $section->check_capabilities() ) { $settings['activeSections'][ $section_id ] = $section->active(); } } } } foreach ( $this->sections as $id => $section ) { if ( $section->check_capabilities() ) { $settings['activeSections'][ $id ] = $section->active(); } } foreach ( $this->controls as $id => $control ) { if ( $control->check_capabilities() ) { $settings['activeControls'][ $id ] = $control->active(); } } ob_start(); ?> <script> var _wpCustomizeSettings = <?php echo wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); ?>; _wpCustomizeSettings.values = {}; (function( v ) { <?php /* * Serialize settings separately from the initial _wpCustomizeSettings * serialization in order to avoid a peak memory usage spike. * @todo We may not even need to export the values at all since the pane syncs them anyway. */ foreach ( $this->settings as $id => $setting ) { if ( $setting->check_capabilities() ) { printf( "v[%s] = %s;\n", wp_json_encode( $id, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), wp_json_encode( $setting->js_value(), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); } } ?> })( _wpCustomizeSettings.values ); </script> <?php wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) . "\n//# sourceURL=" . rawurlencode( __METHOD__ ) ); } /** * Prints a signature so we can ensure the Customizer was properly executed. * * @since 3.4.0 * @deprecated 4.7.0 */ public function customize_preview_signature() { _deprecated_function( __METHOD__, '4.7.0' ); } /** * Removes the signature in case we experience a case where the Customizer was not properly executed. * * @since 3.4.0 * @deprecated 4.7.0 * * @param callable|null $callback Optional. Value passed through for {@see 'wp_die_handler'} filter. * Default null. * @return callable|null Value passed through for {@see 'wp_die_handler'} filter. */ public function remove_preview_signature( $callback = null ) { _deprecated_function( __METHOD__, '4.7.0' ); return $callback; } /** * Determines whether it is a theme preview or not. * * @since 3.4.0 * * @return bool True if it's a preview, false if not. */ public function is_preview() { return (bool) $this->previewing; } /** * Retrieves the template name of the previewed theme. * * @since 3.4.0 * * @return string Template name. */ public function get_template() { return $this->theme()->get_template(); } /** * Retrieves the stylesheet name of the previewed theme. * * @since 3.4.0 * * @return string Stylesheet name. */ public function get_stylesheet() { return $this->theme()->get_stylesheet(); } /** * Retrieves the template root of the previewed theme. * * @since 3.4.0 * * @return string Theme root. */ public function get_template_root() { return get_raw_theme_root( $this->get_template(), true ); } /** * Retrieves the stylesheet root of the previewed theme. * * @since 3.4.0 * * @return string Theme root. */ public function get_stylesheet_root() { return get_raw_theme_root( $this->get_stylesheet(), true ); } /** * Filters the active theme and return the name of the previewed theme. * * @since 3.4.0 * * @param mixed $current_theme {@internal Parameter is not used} * @return string Theme name. */ public function current_theme( $current_theme ) { return $this->theme()->display( 'Name' ); } /** * Validates setting values. * * Validation is skipped for unregistered settings or for values that are * already null since they will be skipped anyway. Sanitization is applied * to values that pass validation, and values that become null or `WP_Error` * after sanitizing are marked invalid. * * @since 4.6.0 * * @see WP_REST_Request::has_valid_params() * @see WP_Customize_Setting::validate() * * @param array $setting_values Mapping of setting IDs to values to validate and sanitize. * @param array $options { * Options. * * @type bool $validate_existence Whether a setting's existence will be checked. * @type bool $validate_capability Whether the setting capability will be checked. * } * @return array Mapping of setting IDs to return value of validate method calls, either `true` or `WP_Error`. */ public function validate_setting_values( $setting_values, $options = array() ) { $options = wp_parse_args( $options, array( 'validate_capability' => false, 'validate_existence' => false, ) ); $validities = array(); foreach ( $setting_values as $setting_id => $unsanitized_value ) { $setting = $this->get_setting( $setting_id ); if ( ! $setting ) { if ( $options['validate_existence'] ) { $validities[ $setting_id ] = new WP_Error( 'unrecognized', __( 'Setting does not exist or is unrecognized.' ) ); } continue; } if ( $options['validate_capability'] && ! current_user_can( $setting->capability ) ) { $validity = new WP_Error( 'unauthorized', __( 'Unauthorized to modify setting due to capability.' ) ); } else { if ( is_null( $unsanitized_value ) ) { continue; } $validity = $setting->validate( $unsanitized_value ); } if ( ! is_wp_error( $validity ) ) { /** This filter is documented in wp-includes/class-wp-customize-setting.php */ $late_validity = apply_filters( "customize_validate_{$setting->id}", new WP_Error(), $unsanitized_value, $setting ); if ( is_wp_error( $late_validity ) && $late_validity->has_errors() ) { $validity = $late_validity; } } if ( ! is_wp_error( $validity ) ) { $value = $setting->sanitize( $unsanitized_value ); if ( is_null( $value ) ) { $validity = false; } elseif ( is_wp_error( $value ) ) { $validity = $value; } } if ( false === $validity ) { $validity = new WP_Error( 'invalid_value', __( 'Invalid value.' ) ); } $validities[ $setting_id ] = $validity; } return $validities; } /** * Prepares setting validity for exporting to the client (JS). * * Converts `WP_Error` instance into array suitable for passing into the * `wp.customize.Notification` JS model. * * @since 4.6.0 * * @param true|WP_Error $validity Setting validity. * @return true|array If `$validity` was a WP_Error, the error codes will be array-mapped * to their respective `message` and `data` to pass into the * `wp.customize.Notification` JS model. */ public function prepare_setting_validity_for_js( $validity ) { if ( is_wp_error( $validity ) ) { $notification = array(); foreach ( $validity->errors as $error_code => $error_messages ) { $notification[ $error_code ] = array( 'message' => implode( ' ', $error_messages ), 'data' => $validity->get_error_data( $error_code ), ); } return $notification; } else { return true; } } /** * Handles customize_save WP Ajax request to save/update a changeset. * * @since 3.4.0 * @since 4.7.0 The semantics of this method have changed to update a changeset, optionally to also change the status and other attributes. */ public function save() { if ( ! is_user_logged_in() ) { wp_send_json_error( 'unauthenticated' ); } if ( ! $this->is_preview() ) { wp_send_json_error( 'not_preview' ); } $action = 'save-customize_' . $this->get_stylesheet(); if ( ! check_ajax_referer( $action, 'nonce', false ) ) { wp_send_json_error( 'invalid_nonce' ); } $changeset_post_id = $this->changeset_post_id(); $is_new_changeset = empty( $changeset_post_id ); if ( $is_new_changeset ) { if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->create_posts ) ) { wp_send_json_error( 'cannot_create_changeset_post' ); } } else { if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $changeset_post_id ) ) { wp_send_json_error( 'cannot_edit_changeset_post' ); } } if ( ! empty( $_POST['customize_changeset_data'] ) ) { $input_changeset_data = json_decode( wp_unslash( $_POST['customize_changeset_data'] ), true ); if ( ! is_array( $input_changeset_data ) ) { wp_send_json_error( 'invalid_customize_changeset_data' ); } } else { $input_changeset_data = array(); } // Validate title. $changeset_title = null; if ( isset( $_POST['customize_changeset_title'] ) ) { $changeset_title = sanitize_text_field( wp_unslash( $_POST['customize_changeset_title'] ) ); } // Validate changeset status param. $is_publish = null; $changeset_status = null; if ( isset( $_POST['customize_changeset_status'] ) ) { $changeset_status = wp_unslash( $_POST['customize_changeset_status'] ); if ( ! get_post_status_object( $changeset_status ) || ! in_array( $changeset_status, array( 'draft', 'pending', 'publish', 'future' ), true ) ) { wp_send_json_error( 'bad_customize_changeset_status', 400 ); } $is_publish = ( 'publish' === $changeset_status || 'future' === $changeset_status ); if ( $is_publish && ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->publish_posts ) ) { wp_send_json_error( 'changeset_publish_unauthorized', 403 ); } } /* * Validate changeset date param. Date is assumed to be in local time for * the WP if in MySQL format (YYYY-MM-DD HH:MM:SS). Otherwise, the date * is parsed with strtotime() so that ISO date format may be supplied * or a string like "+10 minutes". */ $changeset_date_gmt = null; if ( isset( $_POST['customize_changeset_date'] ) ) { $changeset_date = wp_unslash( $_POST['customize_changeset_date'] ); if ( preg_match( '/^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d$/', $changeset_date ) ) { $mm = substr( $changeset_date, 5, 2 ); $jj = substr( $changeset_date, 8, 2 ); $aa = substr( $changeset_date, 0, 4 ); $valid_date = wp_checkdate( $mm, $jj, $aa, $changeset_date ); if ( ! $valid_date ) { wp_send_json_error( 'bad_customize_changeset_date', 400 ); } $changeset_date_gmt = get_gmt_from_date( $changeset_date ); } else { $timestamp = strtotime( $changeset_date ); if ( ! $timestamp ) { wp_send_json_error( 'bad_customize_changeset_date', 400 ); } $changeset_date_gmt = gmdate( 'Y-m-d H:i:s', $timestamp ); } } $lock_user_id = null; $autosave = ! empty( $_POST['customize_changeset_autosave'] ); if ( ! $is_new_changeset ) { $lock_user_id = wp_check_post_lock( $this->changeset_post_id() ); } // Force request to autosave when changeset is locked. if ( $lock_user_id && ! $autosave ) { $autosave = true; $changeset_status = null; $changeset_date_gmt = null; } if ( $autosave && ! defined( 'DOING_AUTOSAVE' ) ) { // Back-compat. define( 'DOING_AUTOSAVE', true ); } $autosaved = false; $r = $this->save_changeset_post( array( 'status' => $changeset_status, 'title' => $changeset_title, 'date_gmt' => $changeset_date_gmt, 'data' => $input_changeset_data, 'autosave' => $autosave, ) ); if ( $autosave && ! is_wp_error( $r ) ) { $autosaved = true; } // If the changeset was locked and an autosave request wasn't itself an error, then now explicitly return with a failure. if ( $lock_user_id && ! is_wp_error( $r ) ) { $r = new WP_Error( 'changeset_locked', __( 'Changeset is being edited by other user.' ), array( 'lock_user' => $this->get_lock_user_data( $lock_user_id ), ) ); } if ( is_wp_error( $r ) ) { $response = array( 'message' => $r->get_error_message(), 'code' => $r->get_error_code(), ); if ( is_array( $r->get_error_data() ) ) { $response = array_merge( $response, $r->get_error_data() ); } else { $response['data'] = $r->get_error_data(); } } else { $response = $r; $changeset_post = get_post( $this->changeset_post_id() ); // Dismiss all other auto-draft changeset posts for this user (they serve like autosave revisions), as there should only be one. if ( $is_new_changeset ) { $this->dismiss_user_auto_draft_changesets(); } // Note that if the changeset status was publish, then it will get set to Trash if revisions are not supported. $response['changeset_status'] = $changeset_post->post_status; if ( $is_publish && 'trash' === $response['changeset_status'] ) { $response['changeset_status'] = 'publish'; } if ( 'publish' !== $response['changeset_status'] ) { $this->set_changeset_lock( $changeset_post->ID ); } if ( 'future' === $response['changeset_status'] ) { $response['changeset_date'] = $changeset_post->post_date; } if ( 'publish' === $response['changeset_status'] || 'trash' === $response['changeset_status'] ) { $response['next_changeset_uuid'] = wp_generate_uuid4(); } } if ( $autosave ) { $response['autosaved'] = $autosaved; } if ( isset( $response['setting_validities'] ) ) { $response['setting_validities'] = array_map( array( $this, 'prepare_setting_validity_for_js' ), $response['setting_validities'] ); } /** * Filters response data for a successful customize_save Ajax request. * * This filter does not apply if there was a nonce or authentication failure. * * @since 4.2.0 * * @param array $response Additional information passed back to the 'saved' * event on `wp.customize`. * @param WP_Customize_Manager $manager WP_Customize_Manager instance. */ $response = apply_filters( 'customize_save_response', $response, $this ); if ( is_wp_error( $r ) ) { wp_send_json_error( $response ); } else { wp_send_json_success( $response ); } } /** * Saves the post for the loaded changeset. * * @since 4.7.0 * * @param array $args { * Args for changeset post. * * @type array $data Optional additional changeset data. Values will be merged on top of any existing post values. * @type string $status Post status. Optional. If supplied, the save will be transactional and a post revision will be allowed. * @type string $title Post title. Optional. * @type string $date_gmt Date in GMT. Optional. * @type int $user_id ID for user who is saving the changeset. Optional, defaults to the current user ID. * @type bool $starter_content Whether the data is starter content. If false (default), then $starter_content will be cleared for any $data being saved. * @type bool $autosave Whether this is a request to create an autosave revision. * } * * @return array|WP_Error Returns array on success and WP_Error with array data on error. */ public function save_changeset_post( $args = array() ) { $args = array_merge( array( 'status' => null, 'title' => null, 'data' => array(), 'date_gmt' => null, 'user_id' => get_current_user_id(), 'starter_content' => false, 'autosave' => false, ), $args ); $changeset_post_id = $this->changeset_post_id(); $existing_changeset_data = array(); if ( $changeset_post_id ) { $existing_status = get_post_status( $changeset_post_id ); if ( 'publish' === $existing_status || 'trash' === $existing_status ) { return new WP_Error( 'changeset_already_published', __( 'The previous set of changes has already been published. Please try saving your current set of changes again.' ), array( 'next_changeset_uuid' => wp_generate_uuid4(), ) ); } $existing_changeset_data = $this->get_changeset_post_data( $changeset_post_id ); if ( is_wp_error( $existing_changeset_data ) ) { return $existing_changeset_data; } } // Fail if attempting to publish but publish hook is missing. if ( 'publish' === $args['status'] && false === has_action( 'transition_post_status', '_wp_customize_publish_changeset' ) ) { return new WP_Error( 'missing_publish_callback' ); } // Validate date. $now = gmdate( 'Y-m-d H:i:59' ); if ( $args['date_gmt'] ) { $is_future_dated = ( mysql2date( 'U', $args['date_gmt'], false ) > mysql2date( 'U', $now, false ) ); if ( ! $is_future_dated ) { return new WP_Error( 'not_future_date', __( 'You must supply a future date to schedule.' ) ); // Only future dates are allowed. } if ( ! $this->is_theme_active() && ( 'future' === $args['status'] || $is_future_dated ) ) { return new WP_Error( 'cannot_schedule_theme_switches' ); // This should be allowed in the future, when theme is a regular setting. } $will_remain_auto_draft = ( ! $args['status'] && ( ! $changeset_post_id || 'auto-draft' === get_post_status( $changeset_post_id ) ) ); if ( $will_remain_auto_draft ) { return new WP_Error( 'cannot_supply_date_for_auto_draft_changeset' ); } } elseif ( $changeset_post_id && 'future' === $args['status'] ) { // Fail if the new status is future but the existing post's date is not in the future. $changeset_post = get_post( $changeset_post_id ); if ( mysql2date( 'U', $changeset_post->post_date_gmt, false ) <= mysql2date( 'U', $now, false ) ) { return new WP_Error( 'not_future_date', __( 'You must supply a future date to schedule.' ) ); } } if ( ! empty( $is_future_dated ) && 'publish' === $args['status'] ) { $args['status'] = 'future'; } // Validate autosave param. See _wp_post_revision_fields() for why these fields are disallowed. if ( $args['autosave'] ) { if ( $args['date_gmt'] ) { return new WP_Error( 'illegal_autosave_with_date_gmt' ); } elseif ( $args['status'] ) { return new WP_Error( 'illegal_autosave_with_status' ); } elseif ( $args['user_id'] && get_current_user_id() !== $args['user_id'] ) { return new WP_Error( 'illegal_autosave_with_non_current_user' ); } } // The request was made via wp.customize.previewer.save(). $update_transactionally = (bool) $args['status']; $allow_revision = (bool) $args['status']; // Amend post values with any supplied data. foreach ( $args['data'] as $setting_id => $setting_params ) { if ( is_array( $setting_params ) && array_key_exists( 'value', $setting_params ) ) { $this->set_post_value( $setting_id, $setting_params['value'] ); // Add to post values so that they can be validated and sanitized. } } // Note that in addition to post data, this will include any stashed theme mods. $post_values = $this->unsanitized_post_values( array( 'exclude_changeset' => true, 'exclude_post_data' => false, ) ); $this->add_dynamic_settings( array_keys( $post_values ) ); // Ensure settings get created even if they lack an input value. /* * Get list of IDs for settings that have values different from what is currently * saved in the changeset. By skipping any values that are already the same, the * subset of changed settings can be passed into validate_setting_values to prevent * an underprivileged modifying a single setting for which they have the capability * from being blocked from saving. This also prevents a user from touching of the * previous saved settings and overriding the associated user_id if they made no change. */ $changed_setting_ids = array(); foreach ( $post_values as $setting_id => $setting_value ) { $setting = $this->get_setting( $setting_id ); if ( $setting && 'theme_mod' === $setting->type ) { $prefixed_setting_id = $this->get_stylesheet() . '::' . $setting->id; } else { $prefixed_setting_id = $setting_id; } $is_value_changed = ( ! isset( $existing_changeset_data[ $prefixed_setting_id ] ) || ! array_key_exists( 'value', $existing_changeset_data[ $prefixed_setting_id ] ) || $existing_changeset_data[ $prefixed_setting_id ]['value'] !== $setting_value ); if ( $is_value_changed ) { $changed_setting_ids[] = $setting_id; } } /** * Fires before save validation happens. * * Plugins can add just-in-time {@see 'customize_validate_{$this->ID}'} filters * at this point to catch any settings registered after `customize_register`. * The dynamic portion of the hook name, `$this->ID` refers to the setting ID. * * @since 4.6.0 * * @param WP_Customize_Manager $manager WP_Customize_Manager instance. */ do_action( 'customize_save_validation_before', $this ); // Validate settings. $validated_values = array_merge( array_fill_keys( array_keys( $args['data'] ), null ), // Make sure existence/capability checks are done on value-less setting updates. $post_values ); $setting_validities = $this->validate_setting_values( $validated_values, array( 'validate_capability' => true, 'validate_existence' => true, ) ); $invalid_setting_count = count( array_filter( $setting_validities, 'is_wp_error' ) ); /* * Short-circuit if there are invalid settings the update is transactional. * A changeset update is transactional when a status is supplied in the request. */ if ( $update_transactionally && $invalid_setting_count > 0 ) { $response = array( 'setting_validities' => $setting_validities, /* translators: %s: Number of invalid settings. */ 'message' => sprintf( _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', $invalid_setting_count ), number_format_i18n( $invalid_setting_count ) ), ); return new WP_Error( 'transaction_fail', '', $response ); } // Obtain/merge data for changeset. $original_changeset_data = $this->get_changeset_post_data( $changeset_post_id ); $data = $original_changeset_data; if ( is_wp_error( $data ) ) { $data = array(); } // Ensure that all post values are included in the changeset data. foreach ( $post_values as $setting_id => $post_value ) { if ( ! isset( $args['data'][ $setting_id ] ) ) { $args['data'][ $setting_id ] = array(); } if ( ! isset( $args['data'][ $setting_id ]['value'] ) ) { $args['data'][ $setting_id ]['value'] = $post_value; } } foreach ( $args['data'] as $setting_id => $setting_params ) { $setting = $this->get_setting( $setting_id ); if ( ! $setting || ! $setting->check_capabilities() ) { continue; } // Skip updating changeset for invalid setting values. if ( isset( $setting_validities[ $setting_id ] ) && is_wp_error( $setting_validities[ $setting_id ] ) ) { continue; } $changeset_setting_id = $setting_id; if ( 'theme_mod' === $setting->type ) { $changeset_setting_id = sprintf( '%s::%s', $this->get_stylesheet(), $setting_id ); } if ( null === $setting_params ) { // Remove setting from changeset entirely. unset( $data[ $changeset_setting_id ] ); } else { if ( ! isset( $data[ $changeset_setting_id ] ) ) { $data[ $changeset_setting_id ] = array(); } // Merge any additional setting params that have been supplied with the existing params. $merged_setting_params = array_merge( $data[ $changeset_setting_id ], $setting_params ); // Skip updating setting params if unchanged (ensuring the user_id is not overwritten). if ( $data[ $changeset_setting_id ] === $merged_setting_params ) { continue; } $data[ $changeset_setting_id ] = array_merge( $merged_setting_params, array( 'type' => $setting->type, 'user_id' => $args['user_id'], 'date_modified_gmt' => current_time( 'mysql', true ), ) ); // Clear starter_content flag in data if changeset is not explicitly being updated for starter content. if ( empty( $args['starter_content'] ) ) { unset( $data[ $changeset_setting_id ]['starter_content'] ); } } } $filter_context = array( 'uuid' => $this->changeset_uuid(), 'title' => $args['title'], 'status' => $args['status'], 'date_gmt' => $args['date_gmt'], 'post_id' => $changeset_post_id, 'previous_data' => is_wp_error( $original_changeset_data ) ? array() : $original_changeset_data, 'manager' => $this, ); /** * Filters the settings' data that will be persisted into the changeset. * * Plugins may amend additional data (such as additional meta for settings) into the changeset with this filter. * * @since 4.7.0 * * @param array $data Updated changeset data, mapping setting IDs to arrays containing a $value item and optionally other metadata. * @param array $context { * Filter context. * * @type string $uuid Changeset UUID. * @type string $title Requested title for the changeset post. * @type string $status Requested status for the changeset post. * @type string $date_gmt Requested date for the changeset post in MySQL format and GMT timezone. * @type int|false $post_id Post ID for the changeset, or false if it doesn't exist yet. * @type array $previous_data Previous data contained in the changeset. * @type WP_Customize_Manager $manager Manager instance. * } */ $data = apply_filters( 'customize_changeset_save_data', $data, $filter_context ); // Switch theme if publishing changes now. if ( 'publish' === $args['status'] && ! $this->is_theme_active() ) { // Temporarily stop previewing the theme to allow switch_themes() to operate properly. $this->stop_previewing_theme(); switch_theme( $this->get_stylesheet() ); update_option( 'theme_switched_via_customizer', true ); $this->start_previewing_theme(); } // Gather the data for wp_insert_post()/wp_update_post(). $post_array = array( // JSON_UNESCAPED_SLASHES is only to improve readability as slashes needn't be escaped in storage. 'post_content' => wp_json_encode( $data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT ), ); if ( $args['title'] ) { $post_array['post_title'] = $args['title']; } if ( $changeset_post_id ) { $post_array['ID'] = $changeset_post_id; } else { $post_array['post_type'] = 'customize_changeset'; $post_array['post_name'] = $this->changeset_uuid(); $post_array['post_status'] = 'auto-draft'; } if ( $args['status'] ) { $post_array['post_status'] = $args['status']; } // Reset post date to now if we are publishing, otherwise pass post_date_gmt and translate for post_date. if ( 'publish' === $args['status'] ) { $post_array['post_date_gmt'] = '0000-00-00 00:00:00'; $post_array['post_date'] = '0000-00-00 00:00:00'; } elseif ( $args['date_gmt'] ) { $post_array['post_date_gmt'] = $args['date_gmt']; $post_array['post_date'] = get_date_from_gmt( $args['date_gmt'] ); } elseif ( $changeset_post_id && 'auto-draft' === get_post_status( $changeset_post_id ) ) { /* * Keep bumping the date for the auto-draft whenever it is modified; * this extends its life, preserving it from garbage-collection via * wp_delete_auto_drafts(). */ $post_array['post_date'] = current_time( 'mysql' ); $post_array['post_date_gmt'] = ''; } $this->store_changeset_revision = $allow_revision; add_filter( 'wp_save_post_revision_post_has_changed', array( $this, '_filter_revision_post_has_changed' ), 5, 3 ); /* * Update the changeset post. The publish_customize_changeset action will cause the settings in the * changeset to be saved via WP_Customize_Setting::save(). Updating a post with publish status will * trigger WP_Customize_Manager::publish_changeset_values(). */ add_filter( 'wp_insert_post_data', array( $this, 'preserve_insert_changeset_post_content' ), 5, 3 ); if ( $changeset_post_id ) { if ( $args['autosave'] && 'auto-draft' !== get_post_status( $changeset_post_id ) ) { // See _wp_translate_postdata() for why this is required as it will use the edit_post meta capability. add_filter( 'map_meta_cap', array( $this, 'grant_edit_post_capability_for_changeset' ), 10, 4 ); $post_array['post_ID'] = $post_array['ID']; $post_array['post_type'] = 'customize_changeset'; $r = wp_create_post_autosave( wp_slash( $post_array ) ); remove_filter( 'map_meta_cap', array( $this, 'grant_edit_post_capability_for_changeset' ), 10 ); } else { $post_array['edit_date'] = true; // Prevent date clearing. $r = wp_update_post( wp_slash( $post_array ), true ); // Delete autosave revision for user when the changeset is updated. if ( ! empty( $args['user_id'] ) ) { $autosave_draft = wp_get_post_autosave( $changeset_post_id, $args['user_id'] ); if ( $autosave_draft ) { wp_delete_post( $autosave_draft->ID, true ); } } } } else { $r = wp_insert_post( wp_slash( $post_array ), true ); if ( ! is_wp_error( $r ) ) { $this->_changeset_post_id = $r; // Update cached post ID for the loaded changeset. } } remove_filter( 'wp_insert_post_data', array( $this, 'preserve_insert_changeset_post_content' ), 5 ); $this->_changeset_data = null; // Reset so WP_Customize_Manager::changeset_data() will re-populate with updated contents. remove_filter( 'wp_save_post_revision_post_has_changed', array( $this, '_filter_revision_post_has_changed' ) ); $response = array( 'setting_validities' => $setting_validities, ); if ( is_wp_error( $r ) ) { $response['changeset_post_save_failure'] = $r->get_error_code(); return new WP_Error( 'changeset_post_save_failure', '', $response ); } return $response; } /** * Preserves the initial JSON post_content passed to save into the post. * * This is needed to prevent KSES and other {@see 'content_save_pre'} filters * from corrupting JSON data. * * Note that WP_Customize_Manager::validate_setting_values() have already * run on the setting values being serialized as JSON into the post content * so it is pre-sanitized. * * Also, the sanitization logic is re-run through the respective * WP_Customize_Setting::sanitize() method when being read out of the * changeset, via WP_Customize_Manager::post_value(), and this sanitized * value will also be sent into WP_Customize_Setting::update() for * persisting to the DB. * * Multiple users can collaborate on a single changeset, where one user may * have the unfiltered_html capability but another may not. A user with * unfiltered_html may add a script tag to some field which needs to be kept * intact even when another user updates the changeset to modify another field * when they do not have unfiltered_html. * * @since 5.4.1 * * @param array $data An array of slashed and processed post data. * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as originally passed to wp_insert_post(). * @return array Filtered post data. */ public function preserve_insert_changeset_post_content( $data, $postarr, $unsanitized_postarr ) { if ( isset( $data['post_type'] ) && isset( $unsanitized_postarr['post_content'] ) && 'customize_changeset' === $data['post_type'] || ( 'revision' === $data['post_type'] && ! empty( $data['post_parent'] ) && 'customize_changeset' === get_post_type( $data['post_parent'] ) ) ) { $data['post_content'] = $unsanitized_postarr['post_content']; } return $data; } /** * Trashes or deletes a changeset post. * * The following re-formulates the logic from `wp_trash_post()` as done in * `wp_publish_post()`. The reason for bypassing `wp_trash_post()` is that it * will mutate the the `post_content` and the `post_name` when they should be * untouched. * * @since 4.9.0 * * @see wp_trash_post() * @global wpdb $wpdb WordPress database abstraction object. * * @param int|WP_Post $post The changeset post. * @return mixed A WP_Post object for the trashed post or an empty value on failure. */ public function trash_changeset_post( $post ) { global $wpdb; $post = get_post( $post ); if ( ! ( $post instanceof WP_Post ) ) { return $post; } $post_id = $post->ID; if ( ! EMPTY_TRASH_DAYS ) { return wp_delete_post( $post_id, true ); } if ( 'trash' === get_post_status( $post ) ) { return false; } $previous_status = $post->post_status; /** This filter is documented in wp-includes/post.php */ $check = apply_filters( 'pre_trash_post', null, $post, $previous_status ); if ( null !== $check ) { return $check; } /** This action is documented in wp-includes/post.php */ do_action( 'wp_trash_post', $post_id, $previous_status ); add_post_meta( $post_id, '_wp_trash_meta_status', $previous_status ); add_post_meta( $post_id, '_wp_trash_meta_time', time() ); $new_status = 'trash'; $wpdb->update( $wpdb->posts, array( 'post_status' => $new_status ), array( 'ID' => $post->ID ) ); clean_post_cache( $post->ID ); $post->post_status = $new_status; wp_transition_post_status( $new_status, $previous_status, $post ); /** This action is documented in wp-includes/post.php */ do_action( "edit_post_{$post->post_type}", $post->ID, $post ); /** This action is documented in wp-includes/post.php */ do_action( 'edit_post', $post->ID, $post ); /** This action is documented in wp-includes/post.php */ do_action( "save_post_{$post->post_type}", $post->ID, $post, true ); /** This action is documented in wp-includes/post.php */ do_action( 'save_post', $post->ID, $post, true ); /** This action is documented in wp-includes/post.php */ do_action( 'wp_insert_post', $post->ID, $post, true ); wp_after_insert_post( get_post( $post_id ), true, $post ); wp_trash_post_comments( $post_id ); /** This action is documented in wp-includes/post.php */ do_action( 'trashed_post', $post_id, $previous_status ); return $post; } /** * Handles request to trash a changeset. * * @since 4.9.0 */ public function handle_changeset_trash_request() { if ( ! is_user_logged_in() ) { wp_send_json_error( 'unauthenticated' ); } if ( ! $this->is_preview() ) { wp_send_json_error( 'not_preview' ); } if ( ! check_ajax_referer( 'trash_customize_changeset', 'nonce', false ) ) { wp_send_json_error( array( 'code' => 'invalid_nonce', 'message' => __( 'There was an authentication problem. Please reload and try again.' ), ) ); } $changeset_post_id = $this->changeset_post_id(); if ( ! $changeset_post_id ) { wp_send_json_error( array( 'message' => __( 'No changes saved yet, so there is nothing to trash.' ), 'code' => 'non_existent_changeset', ) ); return; } if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->delete_post, $changeset_post_id ) ) { wp_send_json_error( array( 'code' => 'changeset_trash_unauthorized', 'message' => __( 'Unable to trash changes.' ), ) ); } $lock_user = (int) wp_check_post_lock( $changeset_post_id ); if ( $lock_user && get_current_user_id() !== $lock_user ) { wp_send_json_error( array( 'code' => 'changeset_locked', 'message' => __( 'Changeset is being edited by other user.' ), 'lockUser' => $this->get_lock_user_data( $lock_user ), ) ); } if ( 'trash' === get_post_status( $changeset_post_id ) ) { wp_send_json_error( array( 'message' => __( 'Changes have already been trashed.' ), 'code' => 'changeset_already_trashed', ) ); return; } $r = $this->trash_changeset_post( $changeset_post_id ); if ( ! ( $r instanceof WP_Post ) ) { wp_send_json_error( array( 'code' => 'changeset_trash_failure', 'message' => __( 'Unable to trash changes.' ), ) ); } wp_send_json_success( array( 'message' => __( 'Changes trashed successfully.' ), ) ); } /** * Re-maps 'edit_post' meta cap for a customize_changeset post to be the same as 'customize' maps. * * There is essentially a "meta meta" cap in play here, where 'edit_post' meta cap maps to * the 'customize' meta cap which then maps to 'edit_theme_options'. This is currently * required in core for `wp_create_post_autosave()` because it will call * `_wp_translate_postdata()` which in turn will check if a user can 'edit_post', but the * the caps for the customize_changeset post type are all mapping to the meta capability. * This should be able to be removed once #40922 is addressed in core. * * @since 4.9.0 * * @link https://core.trac.wordpress.org/ticket/40922 * @see WP_Customize_Manager::save_changeset_post() * @see _wp_translate_postdata() * * @param string[] $caps Array of the user's capabilities. * @param string $cap Capability name. * @param int $user_id The user ID. * @param array $args Adds the context to the cap. Typically the object ID. * @return array Capabilities. */ public function grant_edit_post_capability_for_changeset( $caps, $cap, $user_id, $args ) { if ( 'edit_post' === $cap && ! empty( $args[0] ) && 'customize_changeset' === get_post_type( $args[0] ) ) { $post_type_obj = get_post_type_object( 'customize_changeset' ); $caps = map_meta_cap( $post_type_obj->cap->$cap, $user_id ); } return $caps; } /** * Marks the changeset post as being currently edited by the current user. * * @since 4.9.0 * * @param int $changeset_post_id Changeset post ID. * @param bool $take_over Whether to take over the changeset. Default false. */ public function set_changeset_lock( $changeset_post_id, $take_over = false ) { if ( $changeset_post_id ) { $can_override = ! (bool) get_post_meta( $changeset_post_id, '_edit_lock', true ); if ( $take_over ) { $can_override = true; } if ( $can_override ) { $lock = sprintf( '%s:%s', time(), get_current_user_id() ); update_post_meta( $changeset_post_id, '_edit_lock', $lock ); } else { $this->refresh_changeset_lock( $changeset_post_id ); } } } /** * Refreshes changeset lock with the current time if current user edited the changeset before. * * @since 4.9.0 * * @param int $changeset_post_id Changeset post ID. */ public function refresh_changeset_lock( $changeset_post_id ) { if ( ! $changeset_post_id ) { return; } $lock = get_post_meta( $changeset_post_id, '_edit_lock', true ); $lock = explode( ':', $lock ); if ( $lock && ! empty( $lock[1] ) ) { $user_id = (int) $lock[1]; $current_user_id = get_current_user_id(); if ( $user_id === $current_user_id ) { $lock = sprintf( '%s:%s', time(), $user_id ); update_post_meta( $changeset_post_id, '_edit_lock', $lock ); } } } /** * Filters heartbeat settings for the Customizer. * * @since 4.9.0 * * @global string $pagenow The filename of the current screen. * * @param array $settings Current settings to filter. * @return array Heartbeat settings. */ public function add_customize_screen_to_heartbeat_settings( $settings ) { global $pagenow; if ( 'customize.php' === $pagenow ) { $settings['screenId'] = 'customize'; } return $settings; } /** * Gets lock user data. * * @since 4.9.0 * * @param int $user_id User ID. * @return array|null User data formatted for client. */ protected function get_lock_user_data( $user_id ) { if ( ! $user_id ) { return null; } $lock_user = get_userdata( $user_id ); if ( ! $lock_user ) { return null; } $user_details = array( 'id' => $lock_user->ID, 'name' => $lock_user->display_name, ); if ( get_option( 'show_avatars' ) ) { $user_details['avatar'] = get_avatar_url( $lock_user->ID, array( 'size' => 128 ) ); } return $user_details; } /** * Checks locked changeset with heartbeat API. * * @since 4.9.0 * * @param array $response The Heartbeat response. * @param array $data The $_POST data sent. * @param string $screen_id The screen id. * @return array The Heartbeat response. */ public function check_changeset_lock_with_heartbeat( $response, $data, $screen_id ) { if ( isset( $data['changeset_uuid'] ) ) { $changeset_post_id = $this->find_changeset_post_id( $data['changeset_uuid'] ); } else { $changeset_post_id = $this->changeset_post_id(); } if ( array_key_exists( 'check_changeset_lock', $data ) && 'customize' === $screen_id && $changeset_post_id && current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $changeset_post_id ) ) { $lock_user_id = wp_check_post_lock( $changeset_post_id ); if ( $lock_user_id ) { $response['customize_changeset_lock_user'] = $this->get_lock_user_data( $lock_user_id ); } else { // Refreshing time will ensure that the user is sitting on customizer and has not closed the customizer tab. $this->refresh_changeset_lock( $changeset_post_id ); } } return $response; } /** * Removes changeset lock when take over request is sent via Ajax. * * @since 4.9.0 */ public function handle_override_changeset_lock_request() { if ( ! $this->is_preview() ) { wp_send_json_error( 'not_preview', 400 ); } if ( ! check_ajax_referer( 'customize_override_changeset_lock', 'nonce', false ) ) { wp_send_json_error( array( 'code' => 'invalid_nonce', 'message' => __( 'Security check failed.' ), ) ); } $changeset_post_id = $this->changeset_post_id(); if ( empty( $changeset_post_id ) ) { wp_send_json_error( array( 'code' => 'no_changeset_found_to_take_over', 'message' => __( 'No changeset found to take over' ), ) ); } if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $changeset_post_id ) ) { wp_send_json_error( array( 'code' => 'cannot_remove_changeset_lock', 'message' => __( 'Sorry, you are not allowed to take over.' ), ) ); } $this->set_changeset_lock( $changeset_post_id, true ); wp_send_json_success( 'changeset_taken_over' ); } /** * Determines whether a changeset revision should be made. * * @since 4.7.0 * @var bool */ protected $store_changeset_revision; /** * Filters whether a changeset has changed to create a new revision. * * Note that this will not be called while a changeset post remains in auto-draft status. * * @since 4.7.0 * * @param bool $post_has_changed Whether the post has changed. * @param WP_Post $latest_revision The latest revision post object. * @param WP_Post $post The post object. * @return bool Whether a revision should be made. */ public function _filter_revision_post_has_changed( $post_has_changed, $latest_revision, $post ) { unset( $latest_revision ); if ( 'customize_changeset' === $post->post_type ) { $post_has_changed = $this->store_changeset_revision; } return $post_has_changed; } /** * Publishes the values of a changeset. * * This will publish the values contained in a changeset, even changesets that do not * correspond to current manager instance. This is called by * `_wp_customize_publish_changeset()` when a customize_changeset post is * transitioned to the `publish` status. As such, this method should not be * called directly and instead `wp_publish_post()` should be used. * * Please note that if the settings in the changeset are for a non-activated * theme, the theme must first be switched to (via `switch_theme()`) before * invoking this method. * * @since 4.7.0 * * @see _wp_customize_publish_changeset() * @global wpdb $wpdb WordPress database abstraction object. * * @param int $changeset_post_id ID for customize_changeset post. Defaults to the changeset for the current manager instance. * @return true|WP_Error True or error info. */ public function _publish_changeset_values( $changeset_post_id ) { global $wpdb; $publishing_changeset_data = $this->get_changeset_post_data( $changeset_post_id ); if ( is_wp_error( $publishing_changeset_data ) ) { return $publishing_changeset_data; } $changeset_post = get_post( $changeset_post_id ); /* * Temporarily override the changeset context so that it will be read * in calls to unsanitized_post_values() and so that it will be available * on the $wp_customize object passed to hooks during the save logic. */ $previous_changeset_post_id = $this->_changeset_post_id; $this->_changeset_post_id = $changeset_post_id; $previous_changeset_uuid = $this->_changeset_uuid; $this->_changeset_uuid = $changeset_post->post_name; $previous_changeset_data = $this->_changeset_data; $this->_changeset_data = $publishing_changeset_data; // Parse changeset data to identify theme mod settings and user IDs associated with settings to be saved. $setting_user_ids = array(); $theme_mod_settings = array(); $namespace_pattern = '/^(?P<stylesheet>.+?)::(?P<setting_id>.+)$/'; $matches = array(); foreach ( $this->_changeset_data as $raw_setting_id => $setting_params ) { $actual_setting_id = null; $is_theme_mod_setting = ( isset( $setting_params['value'] ) && isset( $setting_params['type'] ) && 'theme_mod' === $setting_params['type'] && preg_match( $namespace_pattern, $raw_setting_id, $matches ) ); if ( $is_theme_mod_setting ) { if ( ! isset( $theme_mod_settings[ $matches['stylesheet'] ] ) ) { $theme_mod_settings[ $matches['stylesheet'] ] = array(); } $theme_mod_settings[ $matches['stylesheet'] ][ $matches['setting_id'] ] = $setting_params; if ( $this->get_stylesheet() === $matches['stylesheet'] ) { $actual_setting_id = $matches['setting_id']; } } else { $actual_setting_id = $raw_setting_id; } // Keep track of the user IDs for settings actually for this theme. if ( $actual_setting_id && isset( $setting_params['user_id'] ) ) { $setting_user_ids[ $actual_setting_id ] = $setting_params['user_id']; } } $changeset_setting_values = $this->unsanitized_post_values( array( 'exclude_post_data' => true, 'exclude_changeset' => false, ) ); $changeset_setting_ids = array_keys( $changeset_setting_values ); $this->add_dynamic_settings( $changeset_setting_ids ); /** * Fires once the theme has switched in the Customizer, but before settings * have been saved. * * @since 3.4.0 * * @param WP_Customize_Manager $manager WP_Customize_Manager instance. */ do_action( 'customize_save', $this ); /* * Ensure that all settings will allow themselves to be saved. Note that * this is safe because the setting would have checked the capability * when the setting value was written into the changeset. So this is why * an additional capability check is not required here. */ $original_setting_capabilities = array(); foreach ( $changeset_setting_ids as $setting_id ) { $setting = $this->get_setting( $setting_id ); if ( $setting && ! isset( $setting_user_ids[ $setting_id ] ) ) { $original_setting_capabilities[ $setting->id ] = $setting->capability; $setting->capability = 'exist'; } } $original_user_id = get_current_user_id(); foreach ( $changeset_setting_ids as $setting_id ) { $setting = $this->get_setting( $setting_id ); if ( $setting ) { /* * Set the current user to match the user who saved the value into * the changeset so that any filters that apply during the save * process will respect the original user's capabilities. This * will ensure, for example, that KSES won't strip unsafe HTML * when a scheduled changeset publishes via WP Cron. */ if ( isset( $setting_user_ids[ $setting_id ] ) ) { wp_set_current_user( $setting_user_ids[ $setting_id ] ); } else { wp_set_current_user( $original_user_id ); } $setting->save(); } } wp_set_current_user( $original_user_id ); // Update the stashed theme mod settings, removing the active theme's stashed settings, if activated. if ( did_action( 'switch_theme' ) ) { $other_theme_mod_settings = $theme_mod_settings; unset( $other_theme_mod_settings[ $this->get_stylesheet() ] ); $this->update_stashed_theme_mod_settings( $other_theme_mod_settings ); } /** * Fires after Customize settings have been saved. * * @since 3.6.0 * * @param WP_Customize_Manager $manager WP_Customize_Manager instance. */ do_action( 'customize_save_after', $this ); // Restore original capabilities. foreach ( $original_setting_capabilities as $setting_id => $capability ) { $setting = $this->get_setting( $setting_id ); if ( $setting ) { $setting->capability = $capability; } } // Restore original changeset data. $this->_changeset_data = $previous_changeset_data; $this->_changeset_post_id = $previous_changeset_post_id; $this->_changeset_uuid = $previous_changeset_uuid; /* * Convert all autosave revisions into their own auto-drafts so that users can be prompted to * restore them when a changeset is published, but they had been locked out from including * their changes in the changeset. */ $revisions = wp_get_post_revisions( $changeset_post_id, array( 'check_enabled' => false ) ); foreach ( $revisions as $revision ) { if ( str_contains( $revision->post_name, "{$changeset_post_id}-autosave" ) ) { $wpdb->update( $wpdb->posts, array( 'post_status' => 'auto-draft', 'post_type' => 'customize_changeset', 'post_name' => wp_generate_uuid4(), 'post_parent' => 0, ), array( 'ID' => $revision->ID, ) ); clean_post_cache( $revision->ID ); } } return true; } /** * Updates stashed theme mod settings. * * @since 4.7.0 * * @param array $inactive_theme_mod_settings Mapping of stylesheet to arrays of theme mod settings. * @return array|false Returns array of updated stashed theme mods or false if the update failed or there were no changes. */ protected function update_stashed_theme_mod_settings( $inactive_theme_mod_settings ) { $stashed_theme_mod_settings = get_option( 'customize_stashed_theme_mods' ); if ( empty( $stashed_theme_mod_settings ) ) { $stashed_theme_mod_settings = array(); } // Delete any stashed theme mods for the active theme since they would have been loaded and saved upon activation. unset( $stashed_theme_mod_settings[ $this->get_stylesheet() ] ); // Merge inactive theme mods with the stashed theme mod settings. foreach ( $inactive_theme_mod_settings as $stylesheet => $theme_mod_settings ) { if ( ! isset( $stashed_theme_mod_settings[ $stylesheet ] ) ) { $stashed_theme_mod_settings[ $stylesheet ] = array(); } $stashed_theme_mod_settings[ $stylesheet ] = array_merge( $stashed_theme_mod_settings[ $stylesheet ], $theme_mod_settings ); } $autoload = false; $result = update_option( 'customize_stashed_theme_mods', $stashed_theme_mod_settings, $autoload ); if ( ! $result ) { return false; } return $stashed_theme_mod_settings; } /** * Refreshes nonces for the current preview. * * @since 4.2.0 */ public function refresh_nonces() { if ( ! $this->is_preview() ) { wp_send_json_error( 'not_preview' ); } wp_send_json_success( $this->get_nonces() ); } /** * Deletes a given auto-draft changeset or the autosave revision for a given changeset or delete changeset lock. * * @since 4.9.0 */ public function handle_dismiss_autosave_or_lock_request() { // Calls to dismiss_user_auto_draft_changesets() and wp_get_post_autosave() require non-zero get_current_user_id(). if ( ! is_user_logged_in() ) { wp_send_json_error( 'unauthenticated', 401 ); } if ( ! $this->is_preview() ) { wp_send_json_error( 'not_preview', 400 ); } if ( ! check_ajax_referer( 'customize_dismiss_autosave_or_lock', 'nonce', false ) ) { wp_send_json_error( 'invalid_nonce', 403 ); } $changeset_post_id = $this->changeset_post_id(); $dismiss_lock = ! empty( $_POST['dismiss_lock'] ); $dismiss_autosave = ! empty( $_POST['dismiss_autosave'] ); if ( $dismiss_lock ) { if ( empty( $changeset_post_id ) && ! $dismiss_autosave ) { wp_send_json_error( 'no_changeset_to_dismiss_lock', 404 ); } if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $changeset_post_id ) && ! $dismiss_autosave ) { wp_send_json_error( 'cannot_remove_changeset_lock', 403 ); } delete_post_meta( $changeset_post_id, '_edit_lock' ); if ( ! $dismiss_autosave ) { wp_send_json_success( 'changeset_lock_dismissed' ); } } if ( $dismiss_autosave ) { if ( empty( $changeset_post_id ) || 'auto-draft' === get_post_status( $changeset_post_id ) ) { $dismissed = $this->dismiss_user_auto_draft_changesets(); if ( $dismissed > 0 ) { wp_send_json_success( 'auto_draft_dismissed' ); } else { wp_send_json_error( 'no_auto_draft_to_delete', 404 ); } } else { $revision = wp_get_post_autosave( $changeset_post_id, get_current_user_id() ); if ( $revision ) { if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->delete_post, $changeset_post_id ) ) { wp_send_json_error( 'cannot_delete_autosave_revision', 403 ); } if ( ! wp_delete_post( $revision->ID, true ) ) { wp_send_json_error( 'autosave_revision_deletion_failure', 500 ); } else { wp_send_json_success( 'autosave_revision_deleted' ); } } else { wp_send_json_error( 'no_autosave_revision_to_delete', 404 ); } } } wp_send_json_error( 'unknown_error', 500 ); } /** * Adds a customize setting. * * @since 3.4.0 * @since 4.5.0 Return added WP_Customize_Setting instance. * * @see WP_Customize_Setting::__construct() * @link https://developer.wordpress.org/themes/customize-api * * @param WP_Customize_Setting|string $id Customize Setting object, or ID. * @param array $args Optional. Array of properties for the new Setting object. * See WP_Customize_Setting::__construct() for information * on accepted arguments. Default empty array. * @return WP_Customize_Setting The instance of the setting that was added. */ public function add_setting( $id, $args = array() ) { if ( $id instanceof WP_Customize_Setting ) { $setting = $id; } else { $class = 'WP_Customize_Setting'; /** This filter is documented in wp-includes/class-wp-customize-manager.php */ $args = apply_filters( 'customize_dynamic_setting_args', $args, $id ); /** This filter is documented in wp-includes/class-wp-customize-manager.php */ $class = apply_filters( 'customize_dynamic_setting_class', $class, $id, $args ); $setting = new $class( $this, $id, $args ); } $this->settings[ $setting->id ] = $setting; return $setting; } /** * Registers any dynamically-created settings, such as those from $_POST['customized'] * that have no corresponding setting created. * * This is a mechanism to "wake up" settings that have been dynamically created * on the front end and have been sent to WordPress in `$_POST['customized']`. When WP * loads, the dynamically-created settings then will get created and previewed * even though they are not directly created statically with code. * * @since 4.2.0 * * @param array $setting_ids The setting IDs to add. * @return array The WP_Customize_Setting objects added. */ public function add_dynamic_settings( $setting_ids ) { $new_settings = array(); foreach ( $setting_ids as $setting_id ) { // Skip settings already created. if ( $this->get_setting( $setting_id ) ) { continue; } $setting_args = false; $setting_class = 'WP_Customize_Setting'; /** * Filters a dynamic setting's constructor args. * * For a dynamic setting to be registered, this filter must be employed * to override the default false value with an array of args to pass to * the WP_Customize_Setting constructor. * * @since 4.2.0 * * @param false|array $setting_args The arguments to the WP_Customize_Setting constructor. * @param string $setting_id ID for dynamic setting, usually coming from `$_POST['customized']`. */ $setting_args = apply_filters( 'customize_dynamic_setting_args', $setting_args, $setting_id ); if ( false === $setting_args ) { continue; } /** * Allow non-statically created settings to be constructed with custom WP_Customize_Setting subclass. * * @since 4.2.0 * * @param string $setting_class WP_Customize_Setting or a subclass. * @param string $setting_id ID for dynamic setting, usually coming from `$_POST['customized']`. * @param array $setting_args WP_Customize_Setting or a subclass. */ $setting_class = apply_filters( 'customize_dynamic_setting_class', $setting_class, $setting_id, $setting_args ); $setting = new $setting_class( $this, $setting_id, $setting_args ); $this->add_setting( $setting ); $new_settings[] = $setting; } return $new_settings; } /** * Retrieves a customize setting. * * @since 3.4.0 * * @param string $id Customize Setting ID. * @return WP_Customize_Setting|void The setting, if set. */ public function get_setting( $id ) { if ( isset( $this->settings[ $id ] ) ) { return $this->settings[ $id ]; } } /** * Removes a customize setting. * * Note that removing the setting doesn't destroy the WP_Customize_Setting instance or remove its filters. * * @since 3.4.0 * * @param string $id Customize Setting ID. */ public function remove_setting( $id ) { unset( $this->settings[ $id ] ); } /** * Adds a customize panel. * * @since 4.0.0 * @since 4.5.0 Return added WP_Customize_Panel instance. * * @see WP_Customize_Panel::__construct() * * @param WP_Customize_Panel|string $id Customize Panel object, or ID. * @param array $args Optional. Array of properties for the new Panel object. * See WP_Customize_Panel::__construct() for information * on accepted arguments. Default empty array. * @return WP_Customize_Panel The instance of the panel that was added. */ public function add_panel( $id, $args = array() ) { if ( $id instanceof WP_Customize_Panel ) { $panel = $id; } else { $panel = new WP_Customize_Panel( $this, $id, $args ); } $this->panels[ $panel->id ] = $panel; return $panel; } /** * Retrieves a customize panel. * * @since 4.0.0 * * @param string $id Panel ID to get. * @return WP_Customize_Panel|void Requested panel instance, if set. */ public function get_panel( $id ) { if ( isset( $this->panels[ $id ] ) ) { return $this->panels[ $id ]; } } /** * Removes a customize panel. * * Note that removing the panel doesn't destroy the WP_Customize_Panel instance or remove its filters. * * @since 4.0.0 * * @param string $id Panel ID to remove. */ public function remove_panel( $id ) { // Removing core components this way is _doing_it_wrong(). if ( in_array( $id, $this->components, true ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: Panel ID, 2: Link to 'customize_loaded_components' filter reference. */ __( 'Removing %1$s manually will cause PHP warnings. Use the %2$s filter instead.' ), $id, sprintf( '<a href="%1$s">%2$s</a>', esc_url( 'https://developer.wordpress.org/reference/hooks/customize_loaded_components/' ), '<code>customize_loaded_components</code>' ) ), '4.5.0' ); } unset( $this->panels[ $id ] ); } /** * Registers a customize panel type. * * Registered types are eligible to be rendered via JS and created dynamically. * * @since 4.3.0 * * @see WP_Customize_Panel * * @param string $panel Name of a custom panel which is a subclass of WP_Customize_Panel. */ public function register_panel_type( $panel ) { $this->registered_panel_types[] = $panel; } /** * Renders JS templates for all registered panel types. * * @since 4.3.0 */ public function render_panel_templates() { foreach ( $this->registered_panel_types as $panel_type ) { $panel = new $panel_type( $this, 'temp', array() ); $panel->print_template(); } } /** * Adds a customize section. * * @since 3.4.0 * @since 4.5.0 Return added WP_Customize_Section instance. * * @see WP_Customize_Section::__construct() * * @param WP_Customize_Section|string $id Customize Section object, or ID. * @param array $args Optional. Array of properties for the new Section object. * See WP_Customize_Section::__construct() for information * on accepted arguments. Default empty array. * @return WP_Customize_Section The instance of the section that was added. */ public function add_section( $id, $args = array() ) { if ( $id instanceof WP_Customize_Section ) { $section = $id; } else { $section = new WP_Customize_Section( $this, $id, $args ); } $this->sections[ $section->id ] = $section; return $section; } /** * Retrieves a customize section. * * @since 3.4.0 * * @param string $id Section ID. * @return WP_Customize_Section|void The section, if set. */ public function get_section( $id ) { if ( isset( $this->sections[ $id ] ) ) { return $this->sections[ $id ]; } } /** * Removes a customize section. * * Note that removing the section doesn't destroy the WP_Customize_Section instance or remove its filters. * * @since 3.4.0 * * @param string $id Section ID. */ public function remove_section( $id ) { unset( $this->sections[ $id ] ); } /** * Registers a customize section type. * * Registered types are eligible to be rendered via JS and created dynamically. * * @since 4.3.0 * * @see WP_Customize_Section * * @param string $section Name of a custom section which is a subclass of WP_Customize_Section. */ public function register_section_type( $section ) { $this->registered_section_types[] = $section; } /** * Renders JS templates for all registered section types. * * @since 4.3.0 */ public function render_section_templates() { foreach ( $this->registered_section_types as $section_type ) { $section = new $section_type( $this, 'temp', array() ); $section->print_template(); } } /** * Adds a customize control. * * @since 3.4.0 * @since 4.5.0 Return added WP_Customize_Control instance. * * @see WP_Customize_Control::__construct() * * @param WP_Customize_Control|string $id Customize Control object, or ID. * @param array $args Optional. Array of properties for the new Control object. * See WP_Customize_Control::__construct() for information * on accepted arguments. Default empty array. * @return WP_Customize_Control The instance of the control that was added. */ public function add_control( $id, $args = array() ) { if ( $id instanceof WP_Customize_Control ) { $control = $id; } else { $control = new WP_Customize_Control( $this, $id, $args ); } $this->controls[ $control->id ] = $control; return $control; } /** * Retrieves a customize control. * * @since 3.4.0 * * @param string $id ID of the control. * @return WP_Customize_Control|void The control object, if set. */ public function get_control( $id ) { if ( isset( $this->controls[ $id ] ) ) { return $this->controls[ $id ]; } } /** * Removes a customize control. * * Note that removing the control doesn't destroy the WP_Customize_Control instance or remove its filters. * * @since 3.4.0 * * @param string $id ID of the control. */ public function remove_control( $id ) { unset( $this->controls[ $id ] ); } /** * Registers a customize control type. * * Registered types are eligible to be rendered via JS and created dynamically. * * @since 4.1.0 * * @param string $control Name of a custom control which is a subclass of * WP_Customize_Control. */ public function register_control_type( $control ) { $this->registered_control_types[] = $control; } /** * Renders JS templates for all registered control types. * * @since 4.1.0 */ public function render_control_templates() { if ( $this->branching() ) { $l10n = array( /* translators: %s: User who is customizing the changeset in customizer. */ 'locked' => __( '%s is already customizing this changeset. Please wait until they are done to try customizing. Your latest changes have been autosaved.' ), /* translators: %s: User who is customizing the changeset in customizer. */ 'locked_allow_override' => __( '%s is already customizing this changeset. Do you want to take over?' ), ); } else { $l10n = array( /* translators: %s: User who is customizing the changeset in customizer. */ 'locked' => __( '%s is already customizing this site. Please wait until they are done to try customizing. Your latest changes have been autosaved.' ), /* translators: %s: User who is customizing the changeset in customizer. */ 'locked_allow_override' => __( '%s is already customizing this site. Do you want to take over?' ), ); } foreach ( $this->registered_control_types as $control_type ) { $control = new $control_type( $this, 'temp', array( 'settings' => array(), ) ); $control->print_template(); } ?> <script type="text/html" id="tmpl-customize-control-default-content"> <# var inputId = _.uniqueId( 'customize-control-default-input-' ); var descriptionId = _.uniqueId( 'customize-control-default-description-' ); var describedByAttr = data.description ? ' aria-describedby="' + descriptionId + '" ' : ''; #> <# switch ( data.type ) { case 'checkbox': #> <span class="customize-inside-control-row"> <input id="{{ inputId }}" {{{ describedByAttr }}} type="checkbox" value="{{ data.value }}" data-customize-setting-key-link="default" > <label for="{{ inputId }}"> {{ data.label }} </label> <# if ( data.description ) { #> <span id="{{ descriptionId }}" class="description customize-control-description">{{{ data.description }}}</span> <# } #> </span> <# break; case 'radio': if ( ! data.choices ) { return; } #> <# if ( data.label ) { #> <label for="{{ inputId }}" class="customize-control-title"> {{ data.label }} </label> <# } #> <# if ( data.description ) { #> <span id="{{ descriptionId }}" class="description customize-control-description">{{{ data.description }}}</span> <# } #> <# _.each( data.choices, function( val, key ) { #> <span class="customize-inside-control-row"> <# var value, text; if ( _.isObject( val ) ) { value = val.value; text = val.text; } else { value = key; text = val; } #> <input id="{{ inputId + '-' + value }}" type="radio" value="{{ value }}" name="{{ inputId }}" data-customize-setting-key-link="default" {{{ describedByAttr }}} > <label for="{{ inputId + '-' + value }}">{{ text }}</label> </span> <# } ); #> <# break; default: #> <# if ( data.label ) { #> <label for="{{ inputId }}" class="customize-control-title"> {{ data.label }} </label> <# } #> <# if ( data.description ) { #> <span id="{{ descriptionId }}" class="description customize-control-description">{{{ data.description }}}</span> <# } #> <# var inputAttrs = { id: inputId, 'data-customize-setting-key-link': 'default' }; if ( 'textarea' === data.type ) { inputAttrs.rows = '5'; } else if ( 'button' === data.type ) { inputAttrs['class'] = 'button button-secondary'; inputAttrs.type = 'button'; } else { inputAttrs.type = data.type; } if ( data.description ) { inputAttrs['aria-describedby'] = descriptionId; } _.extend( inputAttrs, data.input_attrs ); #> <# if ( 'button' === data.type ) { #> <button <# _.each( _.extend( inputAttrs ), function( value, key ) { #> {{{ key }}}="{{ value }}" <# } ); #> >{{ inputAttrs.value }}</button> <# } else if ( 'textarea' === data.type ) { #> <textarea <# _.each( _.extend( inputAttrs ), function( value, key ) { #> {{{ key }}}="{{ value }}" <# }); #> >{{ inputAttrs.value }}</textarea> <# } else if ( 'select' === data.type ) { #> <# delete inputAttrs.type; #> <select <# _.each( _.extend( inputAttrs ), function( value, key ) { #> {{{ key }}}="{{ value }}" <# }); #> > <# _.each( data.choices, function( val, key ) { #> <# var value, text; if ( _.isObject( val ) ) { value = val.value; text = val.text; } else { value = key; text = val; } #> <option value="{{ value }}">{{ text }}</option> <# } ); #> </select> <# } else { #> <input <# _.each( _.extend( inputAttrs ), function( value, key ) { #> {{{ key }}}="{{ value }}" <# }); #> > <# } #> <# } #> </script> <script type="text/html" id="tmpl-customize-notification"> <li class="notice notice-{{ data.type || 'info' }} {{ data.alt ? 'notice-alt' : '' }} {{ data.dismissible ? 'is-dismissible' : '' }} {{ data.containerClasses || '' }}" data-code="{{ data.code }}" data-type="{{ data.type }}"> <div class="notification-message">{{{ data.message || data.code }}}</div> <# if ( data.dismissible ) { #> <button type="button" class="notice-dismiss"><span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Dismiss' ); ?> </span></button> <# } #> </li> </script> <script type="text/html" id="tmpl-customize-changeset-locked-notification"> <li class="notice notice-{{ data.type || 'info' }} {{ data.containerClasses || '' }}" data-code="{{ data.code }}" data-type="{{ data.type }}"> <div class="notification-message customize-changeset-locked-message {{ data.lockUser.avatar ? 'has-avatar' : '' }}"> <# if ( data.lockUser.avatar ) { #> <img class="customize-changeset-locked-avatar" src="{{ data.lockUser.avatar }}" alt="{{ data.lockUser.name }}" /> <# } #> <p class="currently-editing"> <# if ( data.message ) { #> {{{ data.message }}} <# } else if ( data.allowOverride ) { #> <?php echo esc_html( sprintf( $l10n['locked_allow_override'], '{{ data.lockUser.name }}' ) ); ?> <# } else { #> <?php echo esc_html( sprintf( $l10n['locked'], '{{ data.lockUser.name }}' ) ); ?> <# } #> </p> <p class="notice notice-error notice-alt" hidden></p> <p class="action-buttons"> <# if ( data.returnUrl !== data.previewUrl ) { #> <a class="button customize-notice-go-back-button" href="{{ data.returnUrl }}"><?php _e( 'Go back' ); ?></a> <# } #> <a class="button customize-notice-preview-button" href="{{ data.frontendPreviewUrl }}"><?php _e( 'Preview' ); ?></a> <# if ( data.allowOverride ) { #> <button class="button button-primary wp-tab-last customize-notice-take-over-button"><?php _e( 'Take over' ); ?></button> <# } #> </p> </div> </li> </script> <script type="text/html" id="tmpl-customize-code-editor-lint-error-notification"> <li class="notice notice-{{ data.type || 'info' }} {{ data.alt ? 'notice-alt' : '' }} {{ data.dismissible ? 'is-dismissible' : '' }} {{ data.containerClasses || '' }}" data-code="{{ data.code }}" data-type="{{ data.type }}"> <div class="notification-message">{{{ data.message || data.code }}}</div> <p> <# var elementId = 'el-' + String( Math.random() ); #> <input id="{{ elementId }}" type="checkbox"> <label for="{{ elementId }}"><?php _e( 'Update anyway, even though it might break your site?' ); ?></label> </p> </li> </script> <?php /* The following template is obsolete in core but retained for plugins. */ ?> <script type="text/html" id="tmpl-customize-control-notifications"> <ul> <# _.each( data.notifications, function( notification ) { #> <li class="notice notice-{{ notification.type || 'info' }} {{ data.altNotice ? 'notice-alt' : '' }}" data-code="{{ notification.code }}" data-type="{{ notification.type }}">{{{ notification.message || notification.code }}}</li> <# } ); #> </ul> </script> <script type="text/html" id="tmpl-customize-preview-link-control" > <# var elementPrefix = _.uniqueId( 'el' ) + '-' #> <p class="customize-control-title"> <?php esc_html_e( 'Share Preview Link' ); ?> </p> <p class="description customize-control-description"><?php esc_html_e( 'See how changes would look live on your website, and share the preview with people who can\'t access the Customizer.' ); ?></p> <div class="customize-control-notifications-container"></div> <div class="preview-link-wrapper"> <label for="{{ elementPrefix }}customize-preview-link-input" class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ esc_html_e( 'Preview Link' ); ?> </label> <a href="" target=""> <span class="preview-control-element" data-component="url"></span> <span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( '(opens in a new tab)' ); ?> </span> </a> <input id="{{ elementPrefix }}customize-preview-link-input" readonly tabindex="-1" class="preview-control-element" data-component="input"> <button class="customize-copy-preview-link preview-control-element button button-secondary" data-component="button" data-copy-text="<?php esc_attr_e( 'Copy' ); ?>" data-copied-text="<?php esc_attr_e( 'Copied' ); ?>" ><?php esc_html_e( 'Copy' ); ?></button> </div> </script> <script type="text/html" id="tmpl-customize-selected-changeset-status-control"> <# var inputId = _.uniqueId( 'customize-selected-changeset-status-control-input-' ); #> <# var descriptionId = _.uniqueId( 'customize-selected-changeset-status-control-description-' ); #> <# if ( data.label ) { #> <label for="{{ inputId }}" class="customize-control-title">{{ data.label }}</label> <# } #> <# if ( data.description ) { #> <span id="{{ descriptionId }}" class="description customize-control-description">{{{ data.description }}}</span> <# } #> <# _.each( data.choices, function( choice ) { #> <# var choiceId = inputId + '-' + choice.status; #> <span class="customize-inside-control-row"> <input id="{{ choiceId }}" type="radio" value="{{ choice.status }}" name="{{ inputId }}" data-customize-setting-key-link="default"> <label for="{{ choiceId }}">{{ choice.label }}</label> </span> <# } ); #> </script> <?php } /** * Helper function to compare two objects by priority, ensuring sort stability via instance_number. * * @since 3.4.0 * @deprecated 4.7.0 Use wp_list_sort() * * @param WP_Customize_Panel|WP_Customize_Section|WP_Customize_Control $a Object A. * @param WP_Customize_Panel|WP_Customize_Section|WP_Customize_Control $b Object B. * @return int */ protected function _cmp_priority( $a, $b ) { _deprecated_function( __METHOD__, '4.7.0', 'wp_list_sort' ); if ( $a->priority === $b->priority ) { return $a->instance_number - $b->instance_number; } else { return $a->priority - $b->priority; } } /** * Prepares panels, sections, and controls. * * For each, check if required related components exist, * whether the user has the necessary capabilities, * and sort by priority. * * @since 3.4.0 */ public function prepare_controls() { $controls = array(); $this->controls = wp_list_sort( $this->controls, array( 'priority' => 'ASC', 'instance_number' => 'ASC', ), 'ASC', true ); foreach ( $this->controls as $id => $control ) { if ( ! isset( $this->sections[ $control->section ] ) || ! $control->check_capabilities() ) { continue; } $this->sections[ $control->section ]->controls[] = $control; $controls[ $id ] = $control; } $this->controls = $controls; // Prepare sections. $this->sections = wp_list_sort( $this->sections, array( 'priority' => 'ASC', 'instance_number' => 'ASC', ), 'ASC', true ); $sections = array(); foreach ( $this->sections as $section ) { if ( ! $section->check_capabilities() ) { continue; } $section->controls = wp_list_sort( $section->controls, array( 'priority' => 'ASC', 'instance_number' => 'ASC', ) ); if ( ! $section->panel ) { // Top-level section. $sections[ $section->id ] = $section; } else { // This section belongs to a panel. if ( isset( $this->panels [ $section->panel ] ) ) { $this->panels[ $section->panel ]->sections[ $section->id ] = $section; } } } $this->sections = $sections; // Prepare panels. $this->panels = wp_list_sort( $this->panels, array( 'priority' => 'ASC', 'instance_number' => 'ASC', ), 'ASC', true ); $panels = array(); foreach ( $this->panels as $panel ) { if ( ! $panel->check_capabilities() ) { continue; } $panel->sections = wp_list_sort( $panel->sections, array( 'priority' => 'ASC', 'instance_number' => 'ASC', ), 'ASC', true ); $panels[ $panel->id ] = $panel; } $this->panels = $panels; // Sort panels and top-level sections together. $this->containers = array_merge( $this->panels, $this->sections ); $this->containers = wp_list_sort( $this->containers, array( 'priority' => 'ASC', 'instance_number' => 'ASC', ), 'ASC', true ); } /** * Enqueues scripts for customize controls. * * @since 3.4.0 */ public function enqueue_control_scripts() { foreach ( $this->controls as $control ) { $control->enqueue(); } if ( ! is_multisite() && ( current_user_can( 'install_themes' ) || current_user_can( 'update_themes' ) || current_user_can( 'delete_themes' ) ) ) { wp_enqueue_script( 'updates' ); wp_localize_script( 'updates', '_wpUpdatesItemCounts', array( 'totals' => wp_get_update_data(), ) ); } } /** * Determines whether the user agent is iOS. * * @since 4.4.0 * * @return bool Whether the user agent is iOS. */ public function is_ios() { return wp_is_mobile() && preg_match( '/iPad|iPod|iPhone/', $_SERVER['HTTP_USER_AGENT'] ); } /** * Gets the template string for the Customizer pane document title. * * @since 4.4.0 * * @return string The template string for the document title. */ public function get_document_title_template() { if ( $this->is_theme_active() ) { /* translators: %s: Document title from the preview. */ $document_title_tmpl = __( 'Customize: %s' ); } else { /* translators: %s: Document title from the preview. */ $document_title_tmpl = __( 'Live Preview: %s' ); } $document_title_tmpl = html_entity_decode( $document_title_tmpl, ENT_QUOTES, 'UTF-8' ); // Because exported to JS and assigned to document.title. return $document_title_tmpl; } /** * Sets the initial URL to be previewed. * * URL is validated. * * @since 4.4.0 * * @param string $preview_url URL to be previewed. */ public function set_preview_url( $preview_url ) { $preview_url = sanitize_url( $preview_url ); $this->preview_url = wp_validate_redirect( $preview_url, home_url( '/' ) ); } /** * Gets the initial URL to be previewed. * * @since 4.4.0 * * @return string URL being previewed. */ public function get_preview_url() { if ( empty( $this->preview_url ) ) { $preview_url = home_url( '/' ); } else { $preview_url = $this->preview_url; } return $preview_url; } /** * Determines whether the admin and the frontend are on different domains. * * @since 4.7.0 * * @return bool Whether cross-domain. */ public function is_cross_domain() { $admin_origin = wp_parse_url( admin_url() ); $home_origin = wp_parse_url( home_url() ); $cross_domain = ( strtolower( $admin_origin['host'] ) !== strtolower( $home_origin['host'] ) ); return $cross_domain; } /** * Gets URLs allowed to be previewed. * * If the front end and the admin are served from the same domain, load the * preview over ssl if the Customizer is being loaded over ssl. This avoids * insecure content warnings. This is not attempted if the admin and front end * are on different domains to avoid the case where the front end doesn't have * ssl certs. Domain mapping plugins can allow other urls in these conditions * using the customize_allowed_urls filter. * * @since 4.7.0 * * @return array Allowed URLs. */ public function get_allowed_urls() { $allowed_urls = array( home_url( '/' ) ); if ( is_ssl() && ! $this->is_cross_domain() ) { $allowed_urls[] = home_url( '/', 'https' ); } /** * Filters the list of URLs allowed to be clicked and followed in the Customizer preview. * * @since 3.4.0 * * @param string[] $allowed_urls An array of allowed URLs. */ $allowed_urls = array_unique( apply_filters( 'customize_allowed_urls', $allowed_urls ) ); return $allowed_urls; } /** * Gets messenger channel. * * @since 4.7.0 * * @return string Messenger channel. */ public function get_messenger_channel() { return $this->messenger_channel; } /** * Sets URL to link the user to when closing the Customizer. * * URL is validated. * * @since 4.4.0 * * @param string $return_url URL for return link. */ public function set_return_url( $return_url ) { $return_url = sanitize_url( $return_url ); $return_url = remove_query_arg( wp_removable_query_args(), $return_url ); $return_url = wp_validate_redirect( $return_url ); $this->return_url = $return_url; } /** * Gets URL to link the user to when closing the Customizer. * * @since 4.4.0 * * @global array $_registered_pages * * @return string URL for link to close Customizer. */ public function get_return_url() { global $_registered_pages; $referer = wp_get_referer(); $excluded_referer_basenames = array( 'customize.php', 'wp-login.php' ); if ( $this->return_url ) { $return_url = $this->return_url; $return_url_basename = wp_basename( parse_url( $this->return_url, PHP_URL_PATH ) ); $return_url_query = parse_url( $this->return_url, PHP_URL_QUERY ); if ( 'themes.php' === $return_url_basename && $return_url_query ) { parse_str( $return_url_query, $query_vars ); /* * If the return URL is a page added by a theme to the Appearance menu via add_submenu_page(), * verify that it belongs to the active theme, otherwise fall back to the Themes screen. */ if ( isset( $query_vars['page'] ) && ! isset( $_registered_pages[ "appearance_page_{$query_vars['page']}" ] ) ) { $return_url = admin_url( 'themes.php' ); } } } elseif ( $referer && ! in_array( wp_basename( parse_url( $referer, PHP_URL_PATH ) ), $excluded_referer_basenames, true ) ) { $return_url = $referer; } elseif ( $this->preview_url ) { $return_url = $this->preview_url; } else { $return_url = home_url( '/' ); } return $return_url; } /** * Sets the autofocused constructs. * * @since 4.4.0 * * @param array $autofocus { * Mapping of 'panel', 'section', 'control' to the ID which should be autofocused. * * @type string $control ID for control to be autofocused. * @type string $section ID for section to be autofocused. * @type string $panel ID for panel to be autofocused. * } */ public function set_autofocus( $autofocus ) { $this->autofocus = array_filter( wp_array_slice_assoc( $autofocus, array( 'panel', 'section', 'control' ) ), 'is_string' ); } /** * Gets the autofocused constructs. * * @since 4.4.0 * * @return string[] { * Mapping of 'panel', 'section', 'control' to the ID which should be autofocused. * * @type string $control ID for control to be autofocused. * @type string $section ID for section to be autofocused. * @type string $panel ID for panel to be autofocused. * } */ public function get_autofocus() { return $this->autofocus; } /** * Gets nonces for the Customizer. * * @since 4.5.0 * * @return array Nonces. */ public function get_nonces() { $nonces = array( 'save' => wp_create_nonce( 'save-customize_' . $this->get_stylesheet() ), 'preview' => wp_create_nonce( 'preview-customize_' . $this->get_stylesheet() ), 'switch_themes' => wp_create_nonce( 'switch_themes' ), 'dismiss_autosave_or_lock' => wp_create_nonce( 'customize_dismiss_autosave_or_lock' ), 'override_lock' => wp_create_nonce( 'customize_override_changeset_lock' ), 'trash' => wp_create_nonce( 'trash_customize_changeset' ), ); /** * Filters nonces for Customizer. * * @since 4.2.0 * * @param string[] $nonces Array of refreshed nonces for save and * preview actions. * @param WP_Customize_Manager $manager WP_Customize_Manager instance. */ $nonces = apply_filters( 'customize_refresh_nonces', $nonces, $this ); return $nonces; } /** * Prints JavaScript settings for parent window. * * @since 4.4.0 */ public function customize_pane_settings() { $login_url = add_query_arg( array( 'interim-login' => 1, 'customize-login' => 1, ), wp_login_url() ); // Ensure dirty flags are set for modified settings. foreach ( array_keys( $this->unsanitized_post_values() ) as $setting_id ) { $setting = $this->get_setting( $setting_id ); if ( $setting ) { $setting->dirty = true; } } $autosave_revision_post = null; $autosave_autodraft_post = null; $changeset_post_id = $this->changeset_post_id(); if ( ! $this->saved_starter_content_changeset && ! $this->autosaved() ) { if ( $changeset_post_id ) { if ( is_user_logged_in() ) { $autosave_revision_post = wp_get_post_autosave( $changeset_post_id, get_current_user_id() ); } } else { $autosave_autodraft_posts = $this->get_changeset_posts( array( 'posts_per_page' => 1, 'post_status' => 'auto-draft', 'exclude_restore_dismissed' => true, ) ); if ( ! empty( $autosave_autodraft_posts ) ) { $autosave_autodraft_post = array_shift( $autosave_autodraft_posts ); } } } $current_user_can_publish = current_user_can( get_post_type_object( 'customize_changeset' )->cap->publish_posts ); // @todo Include all of the status labels here from script-loader.php, and then allow it to be filtered. $status_choices = array(); if ( $current_user_can_publish ) { $status_choices[] = array( 'status' => 'publish', 'label' => __( 'Publish' ), ); } $status_choices[] = array( 'status' => 'draft', 'label' => __( 'Save Draft' ), ); if ( $current_user_can_publish ) { $status_choices[] = array( 'status' => 'future', 'label' => _x( 'Schedule', 'customizer changeset action/button label' ), ); } // Prepare Customizer settings to pass to JavaScript. $changeset_post = null; if ( $changeset_post_id ) { $changeset_post = get_post( $changeset_post_id ); } // Determine initial date to be at present or future, not past. $current_time = current_time( 'mysql', false ); $initial_date = $current_time; if ( $changeset_post ) { $initial_date = get_the_time( 'Y-m-d H:i:s', $changeset_post->ID ); if ( $initial_date < $current_time ) { $initial_date = $current_time; } } $lock_user_id = false; if ( $this->changeset_post_id() ) { $lock_user_id = wp_check_post_lock( $this->changeset_post_id() ); } $settings = array( 'changeset' => array( 'uuid' => $this->changeset_uuid(), 'branching' => $this->branching(), 'autosaved' => $this->autosaved(), 'hasAutosaveRevision' => ! empty( $autosave_revision_post ), 'latestAutoDraftUuid' => $autosave_autodraft_post ? $autosave_autodraft_post->post_name : null, 'status' => $changeset_post ? $changeset_post->post_status : '', 'currentUserCanPublish' => $current_user_can_publish, 'publishDate' => $initial_date, 'statusChoices' => $status_choices, 'lockUser' => $lock_user_id ? $this->get_lock_user_data( $lock_user_id ) : null, ), 'initialServerDate' => $current_time, 'dateFormat' => get_option( 'date_format' ), 'timeFormat' => get_option( 'time_format' ), 'initialServerTimestamp' => floor( microtime( true ) * 1000 ), 'initialClientTimestamp' => -1, // To be set with JS below. 'timeouts' => array( 'windowRefresh' => 250, 'changesetAutoSave' => AUTOSAVE_INTERVAL * 1000, 'keepAliveCheck' => 2500, 'reflowPaneContents' => 100, 'previewFrameSensitivity' => 2000, ), 'theme' => array( 'stylesheet' => $this->get_stylesheet(), 'active' => $this->is_theme_active(), '_canInstall' => current_user_can( 'install_themes' ), ), 'url' => array( 'preview' => sanitize_url( $this->get_preview_url() ), 'return' => sanitize_url( $this->get_return_url() ), 'parent' => sanitize_url( admin_url() ), 'activated' => sanitize_url( home_url( '/' ) ), 'ajax' => sanitize_url( admin_url( 'admin-ajax.php', 'relative' ) ), 'allowed' => array_map( 'sanitize_url', $this->get_allowed_urls() ), 'isCrossDomain' => $this->is_cross_domain(), 'home' => sanitize_url( home_url( '/' ) ), 'login' => sanitize_url( $login_url ), ), 'browser' => array( 'mobile' => wp_is_mobile(), 'ios' => $this->is_ios(), ), 'panels' => array(), 'sections' => array(), 'nonce' => $this->get_nonces(), 'autofocus' => $this->get_autofocus(), 'documentTitleTmpl' => $this->get_document_title_template(), 'previewableDevices' => $this->get_previewable_devices(), 'l10n' => array( 'confirmDeleteTheme' => __( 'Are you sure you want to delete this theme?' ), /* translators: %d: Number of theme search results, which cannot currently consider singular vs. plural forms. */ 'themeSearchResults' => __( '%d themes found' ), /* translators: %d: Number of themes being displayed, which cannot currently consider singular vs. plural forms. */ 'announceThemeCount' => __( 'Displaying %d themes' ), /* translators: %s: Theme name. */ 'announceThemeDetails' => __( 'Showing details for theme: %s' ), ), ); // Temporarily disable installation in Customizer. See #42184. $filesystem_method = get_filesystem_method(); ob_start(); $filesystem_credentials_are_stored = request_filesystem_credentials( self_admin_url() ); ob_end_clean(); if ( 'direct' !== $filesystem_method && ! $filesystem_credentials_are_stored ) { $settings['theme']['_filesystemCredentialsNeeded'] = true; } // Prepare Customize Section objects to pass to JavaScript. foreach ( $this->sections() as $id => $section ) { if ( $section->check_capabilities() ) { $settings['sections'][ $id ] = $section->json(); } } // Prepare Customize Panel objects to pass to JavaScript. foreach ( $this->panels() as $panel_id => $panel ) { if ( $panel->check_capabilities() ) { $settings['panels'][ $panel_id ] = $panel->json(); foreach ( $panel->sections as $section_id => $section ) { if ( $section->check_capabilities() ) { $settings['sections'][ $section_id ] = $section->json(); } } } } ob_start(); ?> <script> var _wpCustomizeSettings = <?php echo wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); ?>; _wpCustomizeSettings.initialClientTimestamp = _.now(); _wpCustomizeSettings.controls = {}; _wpCustomizeSettings.settings = {}; <?php // Serialize settings one by one to improve memory usage. echo "(function ( s ){\n"; foreach ( $this->settings() as $setting ) { if ( $setting->check_capabilities() ) { printf( "s[%s] = %s;\n", wp_json_encode( $setting->id, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), wp_json_encode( $setting->json(), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); } } echo "})( _wpCustomizeSettings.settings );\n"; // Serialize controls one by one to improve memory usage. echo "(function ( c ){\n"; foreach ( $this->controls() as $control ) { if ( $control->check_capabilities() ) { printf( "c[%s] = %s;\n", wp_json_encode( $control->id, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), wp_json_encode( $control->json(), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); } } echo "})( _wpCustomizeSettings.controls );\n"; ?> </script> <?php wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) . "\n//# sourceURL=" . rawurlencode( __METHOD__ ) ); } /** * Returns a list of devices to allow previewing. * * @since 4.5.0 * * @return array List of devices with labels and default setting. */ public function get_previewable_devices() { $devices = array( 'desktop' => array( 'label' => __( 'Enter desktop preview mode' ), 'default' => true, ), 'tablet' => array( 'label' => __( 'Enter tablet preview mode' ), ), 'mobile' => array( 'label' => __( 'Enter mobile preview mode' ), ), ); /** * Filters the available devices to allow previewing in the Customizer. * * @since 4.5.0 * * @see WP_Customize_Manager::get_previewable_devices() * * @param array $devices List of devices with labels and default setting. */ $devices = apply_filters( 'customize_previewable_devices', $devices ); return $devices; } /** * Registers some default controls. * * @since 3.4.0 */ public function register_controls() { /* Themes (controls are loaded via ajax) */ $this->add_panel( new WP_Customize_Themes_Panel( $this, 'themes', array( 'title' => $this->theme()->display( 'Name' ), 'description' => ( '<p>' . __( 'Looking for a theme? You can search or browse the WordPress.org theme directory, install and preview themes, then activate them right here.' ) . '</p>' . '<p>' . __( 'While previewing a new theme, you can continue to tailor things like widgets and menus, and explore theme-specific options.' ) . '</p>' ), 'capability' => 'switch_themes', 'priority' => 0, ) ) ); $this->add_section( new WP_Customize_Themes_Section( $this, 'installed_themes', array( 'title' => __( 'Installed themes' ), 'action' => 'installed', 'capability' => 'switch_themes', 'panel' => 'themes', 'priority' => 0, ) ) ); if ( ! is_multisite() ) { $this->add_section( new WP_Customize_Themes_Section( $this, 'wporg_themes', array( 'title' => __( 'WordPress.org themes' ), 'action' => 'wporg', 'filter_type' => 'remote', 'capability' => 'install_themes', 'panel' => 'themes', 'priority' => 5, ) ) ); } // Themes Setting (unused - the theme is considerably more fundamental to the Customizer experience). $this->add_setting( new WP_Customize_Filter_Setting( $this, 'active_theme', array( 'capability' => 'switch_themes', ) ) ); /* Site Identity */ $this->add_section( 'title_tagline', array( 'title' => __( 'Site Identity' ), 'priority' => 20, ) ); $this->add_setting( 'blogname', array( 'default' => get_option( 'blogname' ), 'type' => 'option', 'capability' => 'manage_options', ) ); $this->add_control( 'blogname', array( 'label' => __( 'Site Title' ), 'section' => 'title_tagline', ) ); $this->add_setting( 'blogdescription', array( 'default' => get_option( 'blogdescription' ), 'type' => 'option', 'capability' => 'manage_options', ) ); $this->add_control( 'blogdescription', array( 'label' => __( 'Tagline' ), 'section' => 'title_tagline', ) ); // Add a setting to hide header text if the theme doesn't support custom headers. if ( ! current_theme_supports( 'custom-header', 'header-text' ) ) { $this->add_setting( 'header_text', array( 'theme_supports' => array( 'custom-logo', 'header-text' ), 'default' => 1, 'sanitize_callback' => 'absint', ) ); $this->add_control( 'header_text', array( 'label' => __( 'Display Site Title and Tagline' ), 'section' => 'title_tagline', 'settings' => 'header_text', 'type' => 'checkbox', ) ); } $this->add_setting( 'site_icon', array( 'type' => 'option', 'capability' => 'manage_options', 'transport' => 'postMessage', // Previewed with JS in the Customizer controls window. ) ); $this->add_control( new WP_Customize_Site_Icon_Control( $this, 'site_icon', array( 'label' => __( 'Site Icon' ), 'description' => sprintf( /* translators: 1: pixel value for icon size. 2: pixel value for icon size. */ '<p>' . __( 'The Site Icon is what you see in browser tabs, bookmark bars, and within the WordPress mobile apps. It should be square and at least <code>%1$s by %2$s</code> pixels.' ) . '</p>', 512, 512 ), 'section' => 'title_tagline', 'priority' => 60, 'height' => 512, 'width' => 512, ) ) ); $this->add_setting( 'custom_logo', array( 'theme_supports' => array( 'custom-logo' ), 'transport' => 'postMessage', ) ); $custom_logo_args = get_theme_support( 'custom-logo' ); $this->add_control( new WP_Customize_Cropped_Image_Control( $this, 'custom_logo', array( 'label' => __( 'Logo' ), 'section' => 'title_tagline', 'priority' => 8, 'height' => isset( $custom_logo_args[0]['height'] ) ? $custom_logo_args[0]['height'] : null, 'width' => isset( $custom_logo_args[0]['width'] ) ? $custom_logo_args[0]['width'] : null, 'flex_height' => isset( $custom_logo_args[0]['flex-height'] ) ? $custom_logo_args[0]['flex-height'] : null, 'flex_width' => isset( $custom_logo_args[0]['flex-width'] ) ? $custom_logo_args[0]['flex-width'] : null, 'button_labels' => array( 'select' => __( 'Select logo' ), 'change' => __( 'Change logo' ), 'remove' => __( 'Remove' ), 'default' => __( 'Default' ), 'placeholder' => __( 'No logo selected' ), 'frame_title' => __( 'Select logo' ), 'frame_button' => __( 'Choose logo' ), ), ) ) ); $this->selective_refresh->add_partial( 'custom_logo', array( 'settings' => array( 'custom_logo' ), 'selector' => '.custom-logo-link', 'render_callback' => array( $this, '_render_custom_logo_partial' ), 'container_inclusive' => true, ) ); /* Colors */ $this->add_section( 'colors', array( 'title' => __( 'Colors' ), 'priority' => 40, ) ); $this->add_setting( 'header_textcolor', array( 'theme_supports' => array( 'custom-header', 'header-text' ), 'default' => get_theme_support( 'custom-header', 'default-text-color' ), 'sanitize_callback' => array( $this, '_sanitize_header_textcolor' ), 'sanitize_js_callback' => 'maybe_hash_hex_color', ) ); // Input type: checkbox, with custom value. $this->add_control( 'display_header_text', array( 'settings' => 'header_textcolor', 'label' => __( 'Display Site Title and Tagline' ), 'section' => 'title_tagline', 'type' => 'checkbox', 'priority' => 40, ) ); $this->add_control( new WP_Customize_Color_Control( $this, 'header_textcolor', array( 'label' => __( 'Header Text Color' ), 'section' => 'colors', ) ) ); // Input type: color, with sanitize_callback. $this->add_setting( 'background_color', array( 'default' => get_theme_support( 'custom-background', 'default-color' ), 'theme_supports' => 'custom-background', 'sanitize_callback' => 'sanitize_hex_color_no_hash', 'sanitize_js_callback' => 'maybe_hash_hex_color', ) ); $this->add_control( new WP_Customize_Color_Control( $this, 'background_color', array( 'label' => __( 'Background Color' ), 'section' => 'colors', ) ) ); /* Custom Header */ if ( current_theme_supports( 'custom-header', 'video' ) ) { $title = __( 'Header Media' ); $description = '<p>' . __( 'If you add a video, the image will be used as a fallback while the video loads.' ) . '</p>'; $width = absint( get_theme_support( 'custom-header', 'width' ) ); $height = absint( get_theme_support( 'custom-header', 'height' ) ); if ( $width && $height ) { $control_description = sprintf( /* translators: 1: .mp4, 2: Header size in pixels. */ __( 'Upload your video in %1$s format and minimize its file size for best results. Your theme recommends dimensions of %2$s pixels.' ), '<code>.mp4</code>', sprintf( '<strong>%s × %s</strong>', $width, $height ) ); } elseif ( $width ) { $control_description = sprintf( /* translators: 1: .mp4, 2: Header width in pixels. */ __( 'Upload your video in %1$s format and minimize its file size for best results. Your theme recommends a width of %2$s pixels.' ), '<code>.mp4</code>', sprintf( '<strong>%s</strong>', $width ) ); } else { $control_description = sprintf( /* translators: 1: .mp4, 2: Header height in pixels. */ __( 'Upload your video in %1$s format and minimize its file size for best results. Your theme recommends a height of %2$s pixels.' ), '<code>.mp4</code>', sprintf( '<strong>%s</strong>', $height ) ); } } else { $title = __( 'Header Image' ); $description = ''; $control_description = ''; } $this->add_section( 'header_image', array( 'title' => $title, 'description' => $description, 'theme_supports' => 'custom-header', 'priority' => 60, ) ); $this->add_setting( 'header_video', array( 'theme_supports' => array( 'custom-header', 'video' ), 'transport' => 'postMessage', 'sanitize_callback' => 'absint', 'validate_callback' => array( $this, '_validate_header_video' ), ) ); $this->add_setting( 'external_header_video', array( 'theme_supports' => array( 'custom-header', 'video' ), 'transport' => 'postMessage', 'sanitize_callback' => array( $this, '_sanitize_external_header_video' ), 'validate_callback' => array( $this, '_validate_external_header_video' ), ) ); $this->add_setting( new WP_Customize_Filter_Setting( $this, 'header_image', array( 'default' => sprintf( get_theme_support( 'custom-header', 'default-image' ), get_template_directory_uri(), get_stylesheet_directory_uri() ), 'theme_supports' => 'custom-header', ) ) ); $this->add_setting( new WP_Customize_Header_Image_Setting( $this, 'header_image_data', array( 'theme_supports' => 'custom-header', ) ) ); /* * Switch image settings to postMessage when video support is enabled since * it entails that the_custom_header_markup() will be used, and thus selective * refresh can be utilized. */ if ( current_theme_supports( 'custom-header', 'video' ) ) { $this->get_setting( 'header_image' )->transport = 'postMessage'; $this->get_setting( 'header_image_data' )->transport = 'postMessage'; } $this->add_control( new WP_Customize_Media_Control( $this, 'header_video', array( 'theme_supports' => array( 'custom-header', 'video' ), 'label' => __( 'Header Video' ), 'description' => $control_description, 'section' => 'header_image', 'mime_type' => 'video', 'active_callback' => 'is_header_video_active', ) ) ); $this->add_control( 'external_header_video', array( 'theme_supports' => array( 'custom-header', 'video' ), 'type' => 'url', 'description' => __( 'Or, enter a YouTube URL:' ), 'section' => 'header_image', 'active_callback' => 'is_header_video_active', ) ); $this->add_control( new WP_Customize_Header_Image_Control( $this ) ); $this->selective_refresh->add_partial( 'custom_header', array( 'selector' => '#wp-custom-header', 'render_callback' => 'the_custom_header_markup', 'settings' => array( 'header_video', 'external_header_video', 'header_image' ), // The image is used as a video fallback here. 'container_inclusive' => true, ) ); /* Custom Background */ $this->add_section( 'background_image', array( 'title' => __( 'Background Image' ), 'theme_supports' => 'custom-background', 'priority' => 80, ) ); $this->add_setting( 'background_image', array( 'default' => get_theme_support( 'custom-background', 'default-image' ), 'theme_supports' => 'custom-background', 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), ) ); $this->add_setting( new WP_Customize_Background_Image_Setting( $this, 'background_image_thumb', array( 'theme_supports' => 'custom-background', 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), ) ) ); $this->add_control( new WP_Customize_Background_Image_Control( $this ) ); $this->add_setting( 'background_preset', array( 'default' => get_theme_support( 'custom-background', 'default-preset' ), 'theme_supports' => 'custom-background', 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), ) ); $this->add_control( 'background_preset', array( 'label' => _x( 'Preset', 'Background Preset' ), 'section' => 'background_image', 'type' => 'select', 'choices' => array( 'default' => _x( 'Default', 'Default Preset' ), 'fill' => __( 'Fill Screen' ), 'fit' => __( 'Fit to Screen' ), 'repeat' => _x( 'Repeat', 'Repeat Image' ), 'custom' => _x( 'Custom', 'Custom Preset' ), ), ) ); $this->add_setting( 'background_position_x', array( 'default' => get_theme_support( 'custom-background', 'default-position-x' ), 'theme_supports' => 'custom-background', 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), ) ); $this->add_setting( 'background_position_y', array( 'default' => get_theme_support( 'custom-background', 'default-position-y' ), 'theme_supports' => 'custom-background', 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), ) ); $this->add_control( new WP_Customize_Background_Position_Control( $this, 'background_position', array( 'label' => __( 'Image Position' ), 'section' => 'background_image', 'settings' => array( 'x' => 'background_position_x', 'y' => 'background_position_y', ), ) ) ); $this->add_setting( 'background_size', array( 'default' => get_theme_support( 'custom-background', 'default-size' ), 'theme_supports' => 'custom-background', 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), ) ); $this->add_control( 'background_size', array( 'label' => __( 'Image Size' ), 'section' => 'background_image', 'type' => 'select', 'choices' => array( 'auto' => _x( 'Original', 'Original Size' ), 'contain' => __( 'Fit to Screen' ), 'cover' => __( 'Fill Screen' ), ), ) ); $this->add_setting( 'background_repeat', array( 'default' => get_theme_support( 'custom-background', 'default-repeat' ), 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), 'theme_supports' => 'custom-background', ) ); $this->add_control( 'background_repeat', array( 'label' => __( 'Repeat Background Image' ), 'section' => 'background_image', 'type' => 'checkbox', ) ); $this->add_setting( 'background_attachment', array( 'default' => get_theme_support( 'custom-background', 'default-attachment' ), 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), 'theme_supports' => 'custom-background', ) ); $this->add_control( 'background_attachment', array( 'label' => __( 'Scroll with Page' ), 'section' => 'background_image', 'type' => 'checkbox', ) ); /* * If the theme is using the default background callback, we can update * the background CSS using postMessage. */ if ( get_theme_support( 'custom-background', 'wp-head-callback' ) === '_custom_background_cb' ) { foreach ( array( 'color', 'image', 'preset', 'position_x', 'position_y', 'size', 'repeat', 'attachment' ) as $prop ) { $this->get_setting( 'background_' . $prop )->transport = 'postMessage'; } } /* * Static Front Page * See also https://core.trac.wordpress.org/ticket/19627 which introduces the static-front-page theme_support. * The following replicates behavior from options-reading.php. */ $this->add_section( 'static_front_page', array( 'title' => __( 'Homepage Settings' ), 'priority' => 120, 'description' => __( 'You can choose what’s displayed on the homepage of your site. It can be posts in reverse chronological order (classic blog), or a fixed/static page. To set a static homepage, you first need to create two Pages. One will become the homepage, and the other will be where your posts are displayed.' ), 'active_callback' => array( $this, 'has_published_pages' ), ) ); $this->add_setting( 'show_on_front', array( 'default' => get_option( 'show_on_front' ), 'capability' => 'manage_options', 'type' => 'option', ) ); $this->add_control( 'show_on_front', array( 'label' => __( 'Your homepage displays' ), 'section' => 'static_front_page', 'type' => 'radio', 'choices' => array( 'posts' => __( 'Your latest posts' ), 'page' => __( 'A static page' ), ), ) ); $this->add_setting( 'page_on_front', array( 'type' => 'option', 'capability' => 'manage_options', ) ); $this->add_control( 'page_on_front', array( 'label' => __( 'Homepage' ), 'section' => 'static_front_page', 'type' => 'dropdown-pages', 'allow_addition' => true, ) ); $this->add_setting( 'page_for_posts', array( 'type' => 'option', 'capability' => 'manage_options', ) ); $this->add_control( 'page_for_posts', array( 'label' => __( 'Posts page' ), 'section' => 'static_front_page', 'type' => 'dropdown-pages', 'allow_addition' => true, ) ); /* Custom CSS */ $section_description = '<p>'; $section_description .= __( 'Add your own CSS code here to customize the appearance and layout of your site.' ); $section_description .= sprintf( ' <a href="%1$s" class="external-link" target="_blank">%2$s<span class="screen-reader-text"> %3$s</span></a>', esc_url( __( 'https://developer.wordpress.org/advanced-administration/wordpress/css/' ) ), __( 'Learn more about CSS' ), /* translators: Hidden accessibility text. */ __( '(opens in a new tab)' ) ); $section_description .= '</p>'; $section_description .= '<p id="editor-keyboard-trap-help-1">' . __( 'When using a keyboard to navigate:' ) . '</p>'; $section_description .= '<ul>'; $section_description .= '<li id="editor-keyboard-trap-help-2">' . __( 'In the editing area, the Tab key enters a tab character.' ) . '</li>'; $section_description .= '<li id="editor-keyboard-trap-help-3">' . __( 'To move away from this area, press the Esc key followed by the Tab key.' ) . '</li>'; $section_description .= '<li id="editor-keyboard-trap-help-4">' . __( 'Screen reader users: when in forms mode, you may need to press the Esc key twice.' ) . '</li>'; $section_description .= '</ul>'; if ( 'false' !== wp_get_current_user()->syntax_highlighting ) { $section_description .= '<p>'; $section_description .= sprintf( /* translators: 1: Link to user profile, 2: Additional link attributes, 3: Accessibility text. */ __( 'The edit field automatically highlights code syntax. You can disable this in your <a href="%1$s" %2$s>user profile%3$s</a> to work in plain text mode.' ), esc_url( get_edit_profile_url() ), 'class="external-link" target="_blank"', sprintf( '<span class="screen-reader-text"> %s</span>', /* translators: Hidden accessibility text. */ __( '(opens in a new tab)' ) ) ); $section_description .= '</p>'; } $section_description .= '<p class="section-description-buttons">'; $section_description .= '<button type="button" class="button-link section-description-close">' . __( 'Close' ) . '</button>'; $section_description .= '</p>'; $this->add_section( 'custom_css', array( 'title' => __( 'Additional CSS' ), 'priority' => 200, 'description_hidden' => true, 'description' => $section_description, ) ); $custom_css_setting = new WP_Customize_Custom_CSS_Setting( $this, sprintf( 'custom_css[%s]', get_stylesheet() ), array( 'capability' => 'edit_css', 'default' => '', ) ); $this->add_setting( $custom_css_setting ); $this->add_control( new WP_Customize_Code_Editor_Control( $this, 'custom_css', array( 'label' => __( 'CSS code' ), 'section' => 'custom_css', 'settings' => array( 'default' => $custom_css_setting->id ), 'code_type' => 'text/css', 'input_attrs' => array( 'aria-describedby' => 'editor-keyboard-trap-help-1 editor-keyboard-trap-help-2 editor-keyboard-trap-help-3 editor-keyboard-trap-help-4', ), ) ) ); } /** * Returns whether there are published pages. * * Used as active callback for static front page section and controls. * * @since 4.7.0 * * @return bool Whether there are published (or to be published) pages. */ public function has_published_pages() { $setting = $this->get_setting( 'nav_menus_created_posts' ); if ( $setting ) { foreach ( $setting->value() as $post_id ) { if ( 'page' === get_post_type( $post_id ) ) { return true; } } } return 0 !== count( get_pages( array( 'number' => 1, 'hierarchical' => 0, ) ) ); } /** * Adds settings from the POST data that were not added with code, e.g. dynamically-created settings for Widgets * * @since 4.2.0 * * @see add_dynamic_settings() */ public function register_dynamic_settings() { $setting_ids = array_keys( $this->unsanitized_post_values() ); $this->add_dynamic_settings( $setting_ids ); } /** * Loads themes into the theme browsing/installation UI. * * @since 4.9.0 */ public function handle_load_themes_request() { check_ajax_referer( 'switch_themes', 'nonce' ); if ( ! current_user_can( 'switch_themes' ) ) { wp_die( -1 ); } if ( empty( $_POST['theme_action'] ) ) { wp_send_json_error( 'missing_theme_action' ); } $theme_action = sanitize_key( $_POST['theme_action'] ); $themes = array(); $args = array(); // Define query filters based on user input. if ( ! array_key_exists( 'search', $_POST ) ) { $args['search'] = ''; } else { $args['search'] = sanitize_text_field( wp_unslash( $_POST['search'] ) ); } if ( ! array_key_exists( 'tags', $_POST ) ) { $args['tag'] = ''; } else { $args['tag'] = array_map( 'sanitize_text_field', wp_unslash( (array) $_POST['tags'] ) ); } if ( ! array_key_exists( 'page', $_POST ) ) { $args['page'] = 1; } else { $args['page'] = absint( $_POST['page'] ); } require_once ABSPATH . 'wp-admin/includes/theme.php'; if ( 'installed' === $theme_action ) { // Load all installed themes from wp_prepare_themes_for_js(). $themes = array( 'themes' => array() ); foreach ( wp_prepare_themes_for_js() as $theme ) { $theme['type'] = 'installed'; $theme['active'] = ( isset( $_POST['customized_theme'] ) && $_POST['customized_theme'] === $theme['id'] ); $themes['themes'][] = $theme; } } elseif ( 'wporg' === $theme_action ) { // Load WordPress.org themes from the .org API and normalize data to match installed theme objects. if ( ! current_user_can( 'install_themes' ) ) { wp_die( -1 ); } // Arguments for all queries. $wporg_args = array( 'per_page' => 100, 'fields' => array( 'reviews_url' => true, // Explicitly request the reviews URL to be linked from the customizer. ), ); $args = array_merge( $wporg_args, $args ); if ( '' === $args['search'] && '' === $args['tag'] ) { $args['browse'] = 'new'; // Sort by latest themes by default. } // Load themes from the .org API. $themes = themes_api( 'query_themes', $args ); if ( is_wp_error( $themes ) ) { wp_send_json_error(); } // This list matches the allowed tags in wp-admin/includes/theme-install.php. $themes_allowedtags = array_fill_keys( array( 'a', 'abbr', 'acronym', 'code', 'pre', 'em', 'strong', 'div', 'p', 'ul', 'ol', 'li', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'img' ), array() ); $themes_allowedtags['a'] = array_fill_keys( array( 'href', 'title', 'target' ), true ); $themes_allowedtags['acronym']['title'] = true; $themes_allowedtags['abbr']['title'] = true; $themes_allowedtags['img'] = array_fill_keys( array( 'src', 'class', 'alt' ), true ); // Prepare a list of installed themes to check against before the loop. $installed_themes = array(); $wp_themes = wp_get_themes(); foreach ( $wp_themes as $theme ) { $installed_themes[] = $theme->get_stylesheet(); } $update_php = network_admin_url( 'update.php?action=install-theme' ); // Set up properties for themes available on WordPress.org. foreach ( $themes->themes as &$theme ) { $theme->install_url = add_query_arg( array( 'theme' => $theme->slug, '_wpnonce' => wp_create_nonce( 'install-theme_' . $theme->slug ), ), $update_php ); $theme->name = wp_kses( $theme->name, $themes_allowedtags ); $theme->version = wp_kses( $theme->version, $themes_allowedtags ); $theme->description = wp_kses( $theme->description, $themes_allowedtags ); $theme->stars = wp_star_rating( array( 'rating' => $theme->rating, 'type' => 'percent', 'number' => $theme->num_ratings, 'echo' => false, ) ); $theme->num_ratings = number_format_i18n( $theme->num_ratings ); $theme->preview_url = set_url_scheme( $theme->preview_url ); // Handle themes that are already installed as installed themes. if ( in_array( $theme->slug, $installed_themes, true ) ) { $theme->type = 'installed'; } else { $theme->type = $theme_action; } // Set active based on customized theme. $theme->active = ( isset( $_POST['customized_theme'] ) && $_POST['customized_theme'] === $theme->slug ); // Map available theme properties to installed theme properties. $theme->id = $theme->slug; $theme->screenshot = array( $theme->screenshot_url ); $theme->authorAndUri = wp_kses( $theme->author['display_name'], $themes_allowedtags ); $theme->compatibleWP = is_wp_version_compatible( $theme->requires ); // phpcs:ignore WordPress.NamingConventions.ValidVariableName $theme->compatiblePHP = is_php_version_compatible( $theme->requires_php ); // phpcs:ignore WordPress.NamingConventions.ValidVariableName if ( isset( $theme->parent ) ) { $theme->parent = $theme->parent['slug']; } else { $theme->parent = false; } unset( $theme->slug ); unset( $theme->screenshot_url ); unset( $theme->author ); } // End foreach(). } // End if(). /** * Filters the theme data loaded in the customizer. * * This allows theme data to be loading from an external source, * or modification of data loaded from `wp_prepare_themes_for_js()` * or WordPress.org via `themes_api()`. * * @since 4.9.0 * * @see wp_prepare_themes_for_js() * @see themes_api() * @see WP_Customize_Manager::__construct() * * @param array|stdClass $themes Nested array or object of theme data. * @param array $args List of arguments, such as page, search term, and tags to query for. * @param WP_Customize_Manager $manager Instance of Customize manager. */ $themes = apply_filters( 'customize_load_themes', $themes, $args, $this ); wp_send_json_success( $themes ); } /** * Callback for validating the header_textcolor value. * * Accepts 'blank', and otherwise uses sanitize_hex_color_no_hash(). * Returns default text color if hex color is empty. * * @since 3.4.0 * * @param string $color * @return mixed */ public function _sanitize_header_textcolor( $color ) { if ( 'blank' === $color ) { return 'blank'; } $color = sanitize_hex_color_no_hash( $color ); if ( empty( $color ) ) { $color = get_theme_support( 'custom-header', 'default-text-color' ); } return $color; } /** * Callback for validating a background setting value. * * @since 4.7.0 * * @param string $value Repeat value. * @param WP_Customize_Setting $setting Setting. * @return string|WP_Error Background value or validation error. */ public function _sanitize_background_setting( $value, $setting ) { if ( 'background_repeat' === $setting->id ) { if ( ! in_array( $value, array( 'repeat-x', 'repeat-y', 'repeat', 'no-repeat' ), true ) ) { return new WP_Error( 'invalid_value', __( 'Invalid value for background repeat.' ) ); } } elseif ( 'background_attachment' === $setting->id ) { if ( ! in_array( $value, array( 'fixed', 'scroll' ), true ) ) { return new WP_Error( 'invalid_value', __( 'Invalid value for background attachment.' ) ); } } elseif ( 'background_position_x' === $setting->id ) { if ( ! in_array( $value, array( 'left', 'center', 'right' ), true ) ) { return new WP_Error( 'invalid_value', __( 'Invalid value for background position X.' ) ); } } elseif ( 'background_position_y' === $setting->id ) { if ( ! in_array( $value, array( 'top', 'center', 'bottom' ), true ) ) { return new WP_Error( 'invalid_value', __( 'Invalid value for background position Y.' ) ); } } elseif ( 'background_size' === $setting->id ) { if ( ! in_array( $value, array( 'auto', 'contain', 'cover' ), true ) ) { return new WP_Error( 'invalid_value', __( 'Invalid value for background size.' ) ); } } elseif ( 'background_preset' === $setting->id ) { if ( ! in_array( $value, array( 'default', 'fill', 'fit', 'repeat', 'custom' ), true ) ) { return new WP_Error( 'invalid_value', __( 'Invalid value for background size.' ) ); } } elseif ( 'background_image' === $setting->id || 'background_image_thumb' === $setting->id ) { $value = empty( $value ) ? '' : sanitize_url( $value ); } else { return new WP_Error( 'unrecognized_setting', __( 'Unrecognized background setting.' ) ); } return $value; } /** * Exports header video settings to facilitate selective refresh. * * @since 4.7.0 * * @param array $response Response. * @param WP_Customize_Selective_Refresh $selective_refresh Selective refresh component. * @param array $partials Array of partials. * @return array */ public function export_header_video_settings( $response, $selective_refresh, $partials ) { if ( isset( $partials['custom_header'] ) ) { $response['custom_header_settings'] = get_header_video_settings(); } return $response; } /** * Callback for validating the header_video value. * * Ensures that the selected video is less than 8MB and provides an error message. * * @since 4.7.0 * * @param WP_Error $validity * @param mixed $value * @return mixed */ public function _validate_header_video( $validity, $value ) { $video = get_attached_file( absint( $value ) ); if ( $video ) { $size = filesize( $video ); if ( $size > 8 * MB_IN_BYTES ) { $validity->add( 'size_too_large', __( 'This video file is too large to use as a header video. Try a shorter video or optimize the compression settings and re-upload a file that is less than 8MB. Or, upload your video to YouTube and link it with the option below.' ) ); } if ( ! str_ends_with( $video, '.mp4' ) && ! str_ends_with( $video, '.mov' ) ) { // Check for .mp4 or .mov format, which (assuming h.264 encoding) are the only cross-browser-supported formats. $validity->add( 'invalid_file_type', sprintf( /* translators: 1: .mp4, 2: .mov */ __( 'Only %1$s or %2$s files may be used for header video. Please convert your video file and try again, or, upload your video to YouTube and link it with the option below.' ), '<code>.mp4</code>', '<code>.mov</code>' ) ); } } return $validity; } /** * Callback for validating the external_header_video value. * * Ensures that the provided URL is supported. * * @since 4.7.0 * * @param WP_Error $validity * @param mixed $value * @return mixed */ public function _validate_external_header_video( $validity, $value ) { $video = sanitize_url( $value ); if ( $video ) { if ( ! preg_match( '#^https?://(?:www\.)?(?:youtube\.com/watch|youtu\.be/)#', $video ) ) { $validity->add( 'invalid_url', __( 'Please enter a valid YouTube URL.' ) ); } } return $validity; } /** * Callback for sanitizing the external_header_video value. * * @since 4.7.1 * * @param string $value URL. * @return string Sanitized URL. */ public function _sanitize_external_header_video( $value ) { return sanitize_url( trim( $value ) ); } /** * Callback for rendering the custom logo, used in the custom_logo partial. * * This method exists because the partial object and context data are passed * into a partial's render_callback so we cannot use get_custom_logo() as * the render_callback directly since it expects a blog ID as the first * argument. * * @see WP_Customize_Manager::register_controls() * * @since 4.5.0 * * @return string Custom logo. */ public function _render_custom_logo_partial() { return get_custom_logo(); } } https-detection-20260605100735.php 0000666 00000013341 15225074365 0011774 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605215107.php 0000666 00000011205 15225074365 0012004 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260615135341.php 0000666 00000013341 15225074365 0011776 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605082717.php 0000666 00000013341 15225074365 0012005 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605081204.php 0000666 00000011205 15225074365 0012003 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } embed.php 0000666 00000113777 15225074365 0006366 0 ustar 00 <?php /** * oEmbed API: Top-level oEmbed functionality * * @package WordPress * @subpackage oEmbed * @since 4.4.0 */ /** * Registers an embed handler. * * Should probably only be used for sites that do not support oEmbed. * * @since 2.9.0 * * @global WP_Embed $wp_embed WordPress Embed object. * * @param string $id An internal ID/name for the handler. Needs to be unique. * @param string $regex The regex that will be used to see if this handler should be used for a URL. * @param callable $callback The callback function that will be called if the regex is matched. * @param int $priority Optional. Used to specify the order in which the registered handlers will * be tested. Default 10. */ function wp_embed_register_handler( $id, $regex, $callback, $priority = 10 ) { global $wp_embed; $wp_embed->register_handler( $id, $regex, $callback, $priority ); } /** * Unregisters a previously-registered embed handler. * * @since 2.9.0 * * @global WP_Embed $wp_embed WordPress Embed object. * * @param string $id The handler ID that should be removed. * @param int $priority Optional. The priority of the handler to be removed. Default 10. */ function wp_embed_unregister_handler( $id, $priority = 10 ) { global $wp_embed; $wp_embed->unregister_handler( $id, $priority ); } /** * Creates default array of embed parameters. * * The width defaults to the content width as specified by the theme. If the * theme does not specify a content width, then 500px is used. * * The default height is 1.5 times the width, or 1000px, whichever is smaller. * * The {@see 'embed_defaults'} filter can be used to adjust either of these values. * * @since 2.9.0 * * @global int $content_width * * @param string $url Optional. The URL that should be embedded. Default empty. * @return int[] { * Indexed array of the embed width and height in pixels. * * @type int $0 The embed width. * @type int $1 The embed height. * } */ function wp_embed_defaults( $url = '' ) { if ( ! empty( $GLOBALS['content_width'] ) ) { $width = (int) $GLOBALS['content_width']; } if ( empty( $width ) ) { $width = 500; } $height = min( (int) ceil( $width * 1.5 ), 1000 ); /** * Filters the default array of embed dimensions. * * @since 2.9.0 * * @param int[] $size { * Indexed array of the embed width and height in pixels. * * @type int $0 The embed width. * @type int $1 The embed height. * } * @param string $url The URL that should be embedded. */ return apply_filters( 'embed_defaults', compact( 'width', 'height' ), $url ); } /** * Attempts to fetch the embed HTML for a provided URL using oEmbed. * * @since 2.9.0 * * @see WP_oEmbed * * @param string $url The URL that should be embedded. * @param array|string $args { * Optional. Additional arguments for retrieving embed HTML. Default empty. * * @type int|string $width Optional. The `maxwidth` value passed to the provider URL. * @type int|string $height Optional. The `maxheight` value passed to the provider URL. * @type bool $discover Optional. Determines whether to attempt to discover link tags * at the given URL for an oEmbed provider when the provider URL * is not found in the built-in providers list. Default true. * } * @return string|false The embed HTML on success, false on failure. */ function wp_oembed_get( $url, $args = '' ) { $oembed = _wp_oembed_get_object(); return $oembed->get_html( $url, $args ); } /** * Returns the initialized WP_oEmbed object. * * @since 2.9.0 * @access private * * @return WP_oEmbed object. */ function _wp_oembed_get_object() { static $wp_oembed = null; if ( is_null( $wp_oembed ) ) { $wp_oembed = new WP_oEmbed(); } return $wp_oembed; } /** * Adds a URL format and oEmbed provider URL pair. * * @since 2.9.0 * * @see WP_oEmbed * * @param string $format The format of URL that this provider can handle. You can use asterisks * as wildcards. * @param string $provider The URL to the oEmbed provider. * @param bool $regex Optional. Whether the `$format` parameter is in a RegEx format. Default false. */ function wp_oembed_add_provider( $format, $provider, $regex = false ) { if ( did_action( 'plugins_loaded' ) ) { $oembed = _wp_oembed_get_object(); $oembed->providers[ $format ] = array( $provider, $regex ); } else { WP_oEmbed::_add_provider_early( $format, $provider, $regex ); } } /** * Removes an oEmbed provider. * * @since 3.5.0 * * @see WP_oEmbed * * @param string $format The URL format for the oEmbed provider to remove. * @return bool Was the provider removed successfully? */ function wp_oembed_remove_provider( $format ) { if ( did_action( 'plugins_loaded' ) ) { $oembed = _wp_oembed_get_object(); if ( isset( $oembed->providers[ $format ] ) ) { unset( $oembed->providers[ $format ] ); return true; } } else { WP_oEmbed::_remove_provider_early( $format ); } return false; } /** * Determines if default embed handlers should be loaded. * * Checks to make sure that the embeds library hasn't already been loaded. If * it hasn't, then it will load the embeds library. * * @since 2.9.0 * * @see wp_embed_register_handler() */ function wp_maybe_load_embeds() { /** * Filters whether to load the default embed handlers. * * Returning a falsey value will prevent loading the default embed handlers. * * @since 2.9.0 * * @param bool $maybe_load_embeds Whether to load the embeds library. Default true. */ if ( ! apply_filters( 'load_default_embeds', true ) ) { return; } wp_embed_register_handler( 'youtube_embed_url', '#https?://(www\.)?youtube\.com/(?:v|embed)/([^/]+)#i', 'wp_embed_handler_youtube' ); /** * Filters the audio embed handler callback. * * @since 3.6.0 * * @param callable $handler Audio embed handler callback function. */ wp_embed_register_handler( 'audio', '#^https?://.+?\.(' . implode( '|', wp_get_audio_extensions() ) . ')$#i', apply_filters( 'wp_audio_embed_handler', 'wp_embed_handler_audio' ), 9999 ); /** * Filters the video embed handler callback. * * @since 3.6.0 * * @param callable $handler Video embed handler callback function. */ wp_embed_register_handler( 'video', '#^https?://.+?\.(' . implode( '|', wp_get_video_extensions() ) . ')$#i', apply_filters( 'wp_video_embed_handler', 'wp_embed_handler_video' ), 9999 ); } /** * YouTube iframe embed handler callback. * * Catches YouTube iframe embed URLs that are not parsable by oEmbed but can be translated into a URL that is. * * @since 4.0.0 * * @global WP_Embed $wp_embed WordPress Embed object. * * @param array $matches The RegEx matches from the provided regex when calling * wp_embed_register_handler(). * @param array $attr Embed attributes. * @param string $url The original URL that was matched by the regex. * @param array $rawattr The original unmodified attributes. * @return string The embed HTML. */ function wp_embed_handler_youtube( $matches, $attr, $url, $rawattr ) { global $wp_embed; $embed = $wp_embed->autoembed( sprintf( 'https://youtube.com/watch?v=%s', urlencode( $matches[2] ) ) ); /** * Filters the YouTube embed output. * * @since 4.0.0 * * @see wp_embed_handler_youtube() * * @param string $embed YouTube embed output. * @param array $attr An array of embed attributes. * @param string $url The original URL that was matched by the regex. * @param array $rawattr The original unmodified attributes. */ return apply_filters( 'wp_embed_handler_youtube', $embed, $attr, $url, $rawattr ); } /** * Audio embed handler callback. * * @since 3.6.0 * * @param array $matches The RegEx matches from the provided regex when calling wp_embed_register_handler(). * @param array $attr Embed attributes. * @param string $url The original URL that was matched by the regex. * @param array $rawattr The original unmodified attributes. * @return string The embed HTML. */ function wp_embed_handler_audio( $matches, $attr, $url, $rawattr ) { $audio = sprintf( '[audio src="%s" /]', esc_url( $url ) ); /** * Filters the audio embed output. * * @since 3.6.0 * * @param string $audio Audio embed output. * @param array $attr An array of embed attributes. * @param string $url The original URL that was matched by the regex. * @param array $rawattr The original unmodified attributes. */ return apply_filters( 'wp_embed_handler_audio', $audio, $attr, $url, $rawattr ); } /** * Video embed handler callback. * * @since 3.6.0 * * @param array $matches The RegEx matches from the provided regex when calling wp_embed_register_handler(). * @param array $attr Embed attributes. * @param string $url The original URL that was matched by the regex. * @param array $rawattr The original unmodified attributes. * @return string The embed HTML. */ function wp_embed_handler_video( $matches, $attr, $url, $rawattr ) { $dimensions = ''; if ( ! empty( $rawattr['width'] ) && ! empty( $rawattr['height'] ) ) { $dimensions .= sprintf( 'width="%d" ', (int) $rawattr['width'] ); $dimensions .= sprintf( 'height="%d" ', (int) $rawattr['height'] ); } $video = sprintf( '[video %s src="%s" /]', $dimensions, esc_url( $url ) ); /** * Filters the video embed output. * * @since 3.6.0 * * @param string $video Video embed output. * @param array $attr An array of embed attributes. * @param string $url The original URL that was matched by the regex. * @param array $rawattr The original unmodified attributes. */ return apply_filters( 'wp_embed_handler_video', $video, $attr, $url, $rawattr ); } /** * Registers the oEmbed REST API route. * * @since 4.4.0 */ function wp_oembed_register_route() { $controller = new WP_oEmbed_Controller(); $controller->register_routes(); } /** * Adds oEmbed discovery links in the head element of the website. * * @since 4.4.0 * @since 6.8.0 Output was adjusted to only embed if the post supports it. * @since 6.9.0 Now runs first at `wp_head` priority 4, with a fallback to priority 10. This helps ensure the discovery links appear within the first 150KB. */ function wp_oembed_add_discovery_links() { if ( doing_action( 'wp_head' ) ) { // For back-compat, short-circuit if a plugin has removed the action at the original priority. if ( ! has_action( 'wp_head', 'wp_oembed_add_discovery_links', 10 ) ) { return; } // Prevent running again at the original priority. remove_action( 'wp_head', 'wp_oembed_add_discovery_links' ); } $output = ''; if ( is_singular() && is_post_embeddable() ) { $output .= '<link rel="alternate" title="' . _x( 'oEmbed (JSON)', 'oEmbed resource link name' ) . '" type="application/json+oembed" href="' . esc_url( get_oembed_endpoint_url( get_permalink() ) ) . '" />' . "\n"; if ( class_exists( 'SimpleXMLElement' ) ) { $output .= '<link rel="alternate" title="' . _x( 'oEmbed (XML)', 'oEmbed resource link name' ) . '" type="text/xml+oembed" href="' . esc_url( get_oembed_endpoint_url( get_permalink(), 'xml' ) ) . '" />' . "\n"; } } /** * Filters the oEmbed discovery links HTML. * * @since 4.4.0 * * @param string $output HTML of the discovery links. */ echo apply_filters( 'oembed_discovery_links', $output ); } /** * Adds the necessary JavaScript to communicate with the embedded iframes. * * This function is no longer used directly. For back-compat it exists exclusively as a way to indicate that the oEmbed * host JS _should_ be added. In `default-filters.php` there remains this code: * * add_action( 'wp_head', 'wp_oembed_add_host_js' ) * * Historically a site has been able to disable adding the oEmbed host script by doing: * * remove_action( 'wp_head', 'wp_oembed_add_host_js' ) * * In order to ensure that such code still works as expected, this function remains. There is now a `has_action()` check * in `wp_maybe_enqueue_oembed_host_js()` to see if `wp_oembed_add_host_js()` has not been unhooked from running at the * `wp_head` action. * * @since 4.4.0 * @deprecated 5.9.0 Use {@see wp_maybe_enqueue_oembed_host_js()} instead. */ function wp_oembed_add_host_js() {} /** * Enqueue the wp-embed script if the provided oEmbed HTML contains a post embed. * * In order to only enqueue the wp-embed script on pages that actually contain post embeds, this function checks if the * provided HTML contains post embed markup and if so enqueues the script so that it will get printed in the footer. * * @since 5.9.0 * * @param string $html Embed markup. * @return string Embed markup (without modifications). */ function wp_maybe_enqueue_oembed_host_js( $html ) { if ( has_action( 'wp_head', 'wp_oembed_add_host_js' ) && preg_match( '/<blockquote\s[^>]*?wp-embedded-content/', $html ) ) { wp_enqueue_script( 'wp-embed' ); } return $html; } /** * Retrieves the URL to embed a specific post in an iframe. * * @since 4.4.0 * * @param int|WP_Post $post Optional. Post ID or object. Defaults to the current post. * @return string|false The post embed URL on success, false if the post doesn't exist. */ function get_post_embed_url( $post = null ) { $post = get_post( $post ); if ( ! $post ) { return false; } $embed_url = trailingslashit( get_permalink( $post ) ) . user_trailingslashit( 'embed' ); $path_conflict = get_page_by_path( str_replace( home_url(), '', $embed_url ), OBJECT, get_post_types( array( 'public' => true ) ) ); if ( ! get_option( 'permalink_structure' ) || $path_conflict ) { $embed_url = add_query_arg( array( 'embed' => 'true' ), get_permalink( $post ) ); } /** * Filters the URL to embed a specific post. * * @since 4.4.0 * * @param string $embed_url The post embed URL. * @param WP_Post $post The corresponding post object. */ return sanitize_url( apply_filters( 'post_embed_url', $embed_url, $post ) ); } /** * Retrieves the oEmbed endpoint URL for a given permalink. * * Pass an empty string as the first argument to get the endpoint base URL. * * @since 4.4.0 * * @param string $permalink Optional. The permalink used for the `url` query arg. Default empty. * @param string $format Optional. The requested response format. Default 'json'. * @return string The oEmbed endpoint URL. */ function get_oembed_endpoint_url( $permalink = '', $format = 'json' ) { $url = rest_url( 'oembed/1.0/embed' ); if ( '' !== $permalink ) { $url = add_query_arg( array( 'url' => urlencode( $permalink ), 'format' => ( 'json' !== $format ) ? $format : false, ), $url ); } /** * Filters the oEmbed endpoint URL. * * @since 4.4.0 * * @param string $url The URL to the oEmbed endpoint. * @param string $permalink The permalink used for the `url` query arg. * @param string $format The requested response format. */ return apply_filters( 'oembed_endpoint_url', $url, $permalink, $format ); } /** * Retrieves the embed code for a specific post. * * @since 4.4.0 * * @param int $width The width for the response. * @param int $height The height for the response. * @param int|WP_Post $post Optional. Post ID or object. Default is global `$post`. * @return string|false Embed code on success, false if post doesn't exist. */ function get_post_embed_html( $width, $height, $post = null ) { $post = get_post( $post ); if ( ! $post ) { return false; } $embed_url = get_post_embed_url( $post ); $secret = wp_generate_password( 10, false ); $embed_url .= "#?secret={$secret}"; $output = sprintf( '<blockquote class="wp-embedded-content" data-secret="%1$s"><a href="%2$s">%3$s</a></blockquote>', esc_attr( $secret ), esc_url( get_permalink( $post ) ), get_the_title( $post ) ); $output .= sprintf( '<iframe sandbox="allow-scripts" security="restricted" src="%1$s" width="%2$d" height="%3$d" title="%4$s" data-secret="%5$s" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe>', esc_url( $embed_url ), absint( $width ), absint( $height ), esc_attr( sprintf( /* translators: 1: Post title, 2: Site title. */ __( '“%1$s” — %2$s' ), get_the_title( $post ), get_bloginfo( 'name' ) ) ), esc_attr( $secret ) ); /* * Note that the script must be placed after the <blockquote> and <iframe> due to a regexp parsing issue in * `wp_filter_oembed_result()`. Because of the regex pattern starts with `|(<blockquote>.*?</blockquote>)?.*|` * wherein the <blockquote> is marked as being optional, if it is not at the beginning of the string then the group * will fail to match and everything will be matched by `.*` and not included in the group. This regex issue goes * back to WordPress 4.4, so in order to not break older installs this script must come at the end. */ $js_path = '/js/wp-embed' . wp_scripts_get_suffix() . '.js'; $output .= wp_get_inline_script_tag( trim( file_get_contents( ABSPATH . WPINC . $js_path ) ) . "\n//# sourceURL=" . esc_url_raw( includes_url( $js_path ) ) ); /** * Filters the embed HTML output for a given post. * * @since 4.4.0 * * @param string $output The default iframe tag to display embedded content. * @param WP_Post $post Current post object. * @param int $width Width of the response. * @param int $height Height of the response. */ return apply_filters( 'embed_html', $output, $post, $width, $height ); } /** * Retrieves the oEmbed response data for a given post. * * @since 4.4.0 * @since 6.8.0 Output was adjusted to only embed if the post type supports it. * * @param WP_Post|int $post Post ID or post object. * @param int $width The requested width. * @return array|false Response data on success, false if post doesn't exist, * is not publicly viewable or post type is not embeddable. */ function get_oembed_response_data( $post, $width ) { $post = get_post( $post ); $width = absint( $width ); if ( ! $post ) { return false; } if ( ! is_post_publicly_viewable( $post ) ) { return false; } if ( ! is_post_embeddable( $post ) ) { return false; } /** * Filters the allowed minimum and maximum widths for the oEmbed response. * * @since 4.4.0 * * @param array $min_max_width { * Minimum and maximum widths for the oEmbed response. * * @type int $min Minimum width. Default 200. * @type int $max Maximum width. Default 600. * } */ $min_max_width = apply_filters( 'oembed_min_max_width', array( 'min' => 200, 'max' => 600, ) ); $width = min( max( $min_max_width['min'], $width ), $min_max_width['max'] ); $height = max( (int) ceil( $width / 16 * 9 ), 200 ); $data = array( 'version' => '1.0', 'provider_name' => get_bloginfo( 'name' ), 'provider_url' => get_home_url(), 'author_name' => get_bloginfo( 'name' ), 'author_url' => get_home_url(), 'title' => get_the_title( $post ), 'type' => 'link', ); $author = get_userdata( $post->post_author ); if ( $author ) { $data['author_name'] = $author->display_name; $data['author_url'] = get_author_posts_url( $author->ID ); } /** * Filters the oEmbed response data. * * @since 4.4.0 * * @param array $data The response data. * @param WP_Post $post The post object. * @param int $width The requested width. * @param int $height The calculated height. */ return apply_filters( 'oembed_response_data', $data, $post, $width, $height ); } /** * Retrieves the oEmbed response data for a given URL. * * @since 5.0.0 * * @param string $url The URL that should be inspected for discovery `<link>` tags. * @param array $args oEmbed remote get arguments. * @return object|false oEmbed response data if the URL does belong to the current site. False otherwise. */ function get_oembed_response_data_for_url( $url, $args ) { $switched_blog = false; if ( is_multisite() ) { $url_parts = wp_parse_args( wp_parse_url( $url ), array( 'host' => '', 'port' => null, 'path' => '/', ) ); $qv = array( 'domain' => $url_parts['host'] . ( $url_parts['port'] ? ':' . $url_parts['port'] : '' ), 'path' => '/', 'update_site_meta_cache' => false, ); // In case of subdirectory configs, set the path. if ( ! is_subdomain_install() ) { $path = explode( '/', ltrim( $url_parts['path'], '/' ) ); $path = reset( $path ); if ( $path ) { $qv['path'] = get_network()->path . $path . '/'; } } $sites = get_sites( $qv ); $site = reset( $sites ); // Do not allow embeds for deleted/archived/spam sites. if ( ! empty( $site->deleted ) || ! empty( $site->spam ) || ! empty( $site->archived ) ) { return false; } if ( $site && get_current_blog_id() !== (int) $site->blog_id ) { switch_to_blog( $site->blog_id ); $switched_blog = true; } } $post_id = url_to_postid( $url ); /** This filter is documented in wp-includes/class-wp-oembed-controller.php */ $post_id = apply_filters( 'oembed_request_post_id', $post_id, $url ); if ( ! $post_id ) { if ( $switched_blog ) { restore_current_blog(); } return false; } $width = isset( $args['width'] ) ? $args['width'] : 0; $data = get_oembed_response_data( $post_id, $width ); if ( $switched_blog ) { restore_current_blog(); } return $data ? (object) $data : false; } /** * Filters the oEmbed response data to return an iframe embed code. * * @since 4.4.0 * * @param array $data The response data. * @param WP_Post $post The post object. * @param int $width The requested width. * @param int $height The calculated height. * @return array The modified response data. */ function get_oembed_response_data_rich( $data, $post, $width, $height ) { $data['width'] = absint( $width ); $data['height'] = absint( $height ); $data['type'] = 'rich'; $data['html'] = get_post_embed_html( $width, $height, $post ); // Add post thumbnail to response if available. $thumbnail_id = false; if ( has_post_thumbnail( $post->ID ) ) { $thumbnail_id = get_post_thumbnail_id( $post->ID ); } if ( 'attachment' === get_post_type( $post ) ) { if ( wp_attachment_is_image( $post ) ) { $thumbnail_id = $post->ID; } elseif ( wp_attachment_is( 'video', $post ) ) { $thumbnail_id = get_post_thumbnail_id( $post ); $data['type'] = 'video'; } } if ( $thumbnail_id ) { list( $thumbnail_url, $thumbnail_width, $thumbnail_height ) = wp_get_attachment_image_src( $thumbnail_id, array( $width, 0 ) ); $data['thumbnail_url'] = $thumbnail_url; $data['thumbnail_width'] = $thumbnail_width; $data['thumbnail_height'] = $thumbnail_height; } return $data; } /** * Ensures that the specified format is either 'json' or 'xml'. * * @since 4.4.0 * * @param string $format The oEmbed response format. Accepts 'json' or 'xml'. * @return string The format, either 'xml' or 'json'. Default 'json'. */ function wp_oembed_ensure_format( $format ) { if ( ! in_array( $format, array( 'json', 'xml' ), true ) ) { return 'json'; } return $format; } /** * Hooks into the REST API output to print XML instead of JSON. * * This is only done for the oEmbed API endpoint, * which supports both formats. * * @access private * @since 4.4.0 * * @param bool $served Whether the request has already been served. * @param WP_HTTP_Response $result Result to send to the client. Usually a `WP_REST_Response`. * @param WP_REST_Request $request Request used to generate the response. * @param WP_REST_Server $server Server instance. * @return bool True if the request was served, false otherwise. */ function _oembed_rest_pre_serve_request( $served, $result, $request, $server ) { $params = $request->get_params(); if ( '/oembed/1.0/embed' !== $request->get_route() || 'GET' !== $request->get_method() ) { return $served; } if ( ! isset( $params['format'] ) || 'xml' !== $params['format'] ) { return $served; } // Embed links inside the request. $data = $server->response_to_data( $result, false ); if ( ! class_exists( 'SimpleXMLElement' ) ) { status_header( 501 ); die( get_status_header_desc( 501 ) ); } $result = _oembed_create_xml( $data ); // Bail if there's no XML. if ( ! $result ) { status_header( 501 ); die( get_status_header_desc( 501 ) ); } if ( ! headers_sent() ) { $server->send_header( 'Content-Type', 'text/xml; charset=' . get_option( 'blog_charset' ) ); } echo $result; return true; } /** * Creates an XML string from a given array. * * @since 4.4.0 * @access private * * @param array $data The original oEmbed response data. * @param SimpleXMLElement $node Optional. XML node to append the result to recursively. * @return string|false XML string on success, false on error. */ function _oembed_create_xml( $data, $node = null ) { if ( ! is_array( $data ) || empty( $data ) ) { return false; } if ( null === $node ) { $node = new SimpleXMLElement( '<oembed></oembed>' ); } foreach ( $data as $key => $value ) { if ( is_numeric( $key ) ) { $key = 'oembed'; } if ( is_array( $value ) ) { $item = $node->addChild( $key ); _oembed_create_xml( $value, $item ); } else { $node->addChild( $key, esc_html( $value ) ); } } return $node->asXML(); } /** * Filters the given oEmbed HTML to make sure iframes have a title attribute. * * @since 5.2.0 * * @param string|false $result The oEmbed HTML result. * @param object $data A data object result from an oEmbed provider. * @param string $url The URL of the content to be embedded. * @return string|false The filtered oEmbed result. */ function wp_filter_oembed_iframe_title_attribute( $result, $data, $url ) { if ( false === $result || ! in_array( $data->type, array( 'rich', 'video' ), true ) ) { return $result; } $title = ! empty( $data->title ) ? $data->title : ''; $pattern = '`<iframe([^>]*)>`i'; if ( preg_match( $pattern, $result, $matches ) ) { $attrs = wp_kses_hair( $matches[1], wp_allowed_protocols() ); foreach ( $attrs as $attr => $item ) { $lower_attr = strtolower( $attr ); if ( $lower_attr === $attr ) { continue; } if ( ! isset( $attrs[ $lower_attr ] ) ) { $attrs[ $lower_attr ] = $item; unset( $attrs[ $attr ] ); } } } if ( ! empty( $attrs['title']['value'] ) ) { $title = $attrs['title']['value']; } /** * Filters the title attribute of the given oEmbed HTML iframe. * * @since 5.2.0 * * @param string $title The title attribute. * @param string $result The oEmbed HTML result. * @param object $data A data object result from an oEmbed provider. * @param string $url The URL of the content to be embedded. */ $title = apply_filters( 'oembed_iframe_title_attribute', $title, $result, $data, $url ); if ( '' === $title ) { return $result; } if ( isset( $attrs['title'] ) ) { unset( $attrs['title'] ); $attr_string = implode( ' ', wp_list_pluck( $attrs, 'whole' ) ); $result = str_replace( $matches[0], '<iframe ' . trim( $attr_string ) . '>', $result ); } return str_ireplace( '<iframe ', sprintf( '<iframe title="%s" ', esc_attr( $title ) ), $result ); } /** * Filters the given oEmbed HTML. * * If the `$url` isn't on the trusted providers list, * we need to filter the HTML heavily for security. * * Only filters 'rich' and 'video' response types. * * @since 4.4.0 * * @param string|false $result The oEmbed HTML result. * @param object $data A data object result from an oEmbed provider. * @param string $url The URL of the content to be embedded. * @return string|false The filtered and sanitized oEmbed result. */ function wp_filter_oembed_result( $result, $data, $url ) { if ( false === $result || ! in_array( $data->type, array( 'rich', 'video' ), true ) ) { return $result; } $wp_oembed = _wp_oembed_get_object(); // Don't modify the HTML for trusted providers. if ( false !== $wp_oembed->get_provider( $url, array( 'discover' => false ) ) ) { return $result; } $allowed_html = array( 'a' => array( 'href' => true, ), 'blockquote' => array(), 'iframe' => array( 'src' => true, 'width' => true, 'height' => true, 'frameborder' => true, 'marginwidth' => true, 'marginheight' => true, 'scrolling' => true, 'title' => true, ), ); $html = wp_kses( $result, $allowed_html ); preg_match( '|(<blockquote>.*?</blockquote>)?.*(<iframe.*?></iframe>)|ms', $html, $content ); // We require at least the iframe to exist. if ( empty( $content[2] ) ) { return false; } $html = $content[1] . $content[2]; preg_match( '/ src=([\'"])(.*?)\1/', $html, $results ); if ( ! empty( $results ) ) { $secret = wp_generate_password( 10, false ); $url = esc_url( "{$results[2]}#?secret=$secret" ); $q = $results[1]; $html = str_replace( $results[0], ' src=' . $q . $url . $q . ' data-secret=' . $q . $secret . $q, $html ); $html = str_replace( '<blockquote', "<blockquote data-secret=\"$secret\"", $html ); } $allowed_html['blockquote']['data-secret'] = true; $allowed_html['iframe']['data-secret'] = true; $html = wp_kses( $html, $allowed_html ); if ( ! empty( $content[1] ) ) { // We have a blockquote to fall back on. Hide the iframe by default. $html = str_replace( '<iframe', '<iframe style="position: absolute; visibility: hidden;"', $html ); $html = str_replace( '<blockquote', '<blockquote class="wp-embedded-content"', $html ); } $html = str_ireplace( '<iframe', '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"', $html ); return $html; } /** * Filters the string in the 'more' link displayed after a trimmed excerpt. * * Replaces '[...]' (appended to automatically generated excerpts) with an * ellipsis and a "Continue reading" link in the embed template. * * @since 4.4.0 * * @param string $more_string Default 'more' string. * @return string 'Continue reading' link prepended with an ellipsis. */ function wp_embed_excerpt_more( $more_string ) { if ( ! is_embed() ) { return $more_string; } $link = sprintf( '<a href="%1$s" class="wp-embed-more" target="_top">%2$s</a>', esc_url( get_permalink() ), /* translators: %s: Post title. */ sprintf( __( 'Continue reading %s' ), '<span class="screen-reader-text">' . get_the_title() . '</span>' ) ); return ' … ' . $link; } /** * Displays the post excerpt for the embed template. * * Intended to be used in 'The Loop'. * * @since 4.4.0 */ function the_excerpt_embed() { $output = get_the_excerpt(); /** * Filters the post excerpt for the embed template. * * @since 4.4.0 * * @param string $output The current post excerpt. */ echo apply_filters( 'the_excerpt_embed', $output ); } /** * Filters the post excerpt for the embed template. * * Shows players for video and audio attachments. * * @since 4.4.0 * * @param string $content The current post excerpt. * @return string The modified post excerpt. */ function wp_embed_excerpt_attachment( $content ) { if ( is_attachment() ) { return prepend_attachment( '' ); } return $content; } /** * Enqueues embed iframe default CSS and JS. * * Enqueue PNG fallback CSS for embed iframe for legacy versions of IE. * * Allows plugins to queue scripts for the embed iframe end using wp_enqueue_script(). * Runs first in oembed_head(). * * @since 4.4.0 */ function enqueue_embed_scripts() { /** * Fires when scripts and styles are enqueued for the embed iframe. * * @since 4.4.0 */ do_action( 'enqueue_embed_scripts' ); } /** * Enqueues the CSS in the embed iframe header. * * @since 6.4.0 */ function wp_enqueue_embed_styles() { // Back-compat for plugins that disable functionality by unhooking this action. if ( ! has_action( 'embed_head', 'print_embed_styles' ) ) { return; } remove_action( 'embed_head', 'print_embed_styles' ); $suffix = wp_scripts_get_suffix(); $handle = 'wp-embed-template'; wp_register_style( $handle, false ); wp_add_inline_style( $handle, file_get_contents( ABSPATH . WPINC . "/css/wp-embed-template$suffix.css" ) ); wp_enqueue_style( $handle ); } /** * Prints the JavaScript in the embed iframe header. * * @since 4.4.0 */ function print_embed_scripts() { $js_path = '/js/wp-embed-template' . wp_scripts_get_suffix() . '.js'; wp_print_inline_script_tag( trim( file_get_contents( ABSPATH . WPINC . $js_path ) ) . "\n//# sourceURL=" . esc_url_raw( includes_url( $js_path ) ) ); } /** * Prepare the oembed HTML to be displayed in an RSS feed. * * @since 4.4.0 * @access private * * @param string $content The content to filter. * @return string The filtered content. */ function _oembed_filter_feed_content( $content ) { $p = new WP_HTML_Tag_Processor( $content ); while ( $p->next_tag( array( 'tag_name' => 'iframe' ) ) ) { if ( $p->has_class( 'wp-embedded-content' ) ) { $p->remove_attribute( 'style' ); } } return $p->get_updated_html(); } /** * Prints the necessary markup for the embed comments button. * * @since 4.4.0 */ function print_embed_comments_button() { if ( is_404() || ! ( get_comments_number() || comments_open() ) ) { return; } ?> <div class="wp-embed-comments"> <a href="<?php comments_link(); ?>" target="_top"> <span class="dashicons dashicons-admin-comments"></span> <?php printf( /* translators: %s: Number of comments. */ _n( '%s <span class="screen-reader-text">Comment</span>', '%s <span class="screen-reader-text">Comments</span>', get_comments_number() ), number_format_i18n( get_comments_number() ) ); ?> </a> </div> <?php } /** * Prints the necessary markup for the embed sharing button. * * @since 4.4.0 */ function print_embed_sharing_button() { if ( is_404() ) { return; } ?> <div class="wp-embed-share"> <button type="button" class="wp-embed-share-dialog-open" aria-label="<?php esc_attr_e( 'Open sharing dialog' ); ?>"> <span class="dashicons dashicons-share"></span> </button> </div> <?php } /** * Prints the necessary markup for the embed sharing dialog. * * @since 4.4.0 */ function print_embed_sharing_dialog() { if ( is_404() ) { return; } $unique_suffix = get_the_ID() . '-' . wp_rand(); $share_tab_wordpress_id = 'wp-embed-share-tab-wordpress-' . $unique_suffix; $share_tab_html_id = 'wp-embed-share-tab-html-' . $unique_suffix; $description_wordpress_id = 'wp-embed-share-description-wordpress-' . $unique_suffix; $description_html_id = 'wp-embed-share-description-html-' . $unique_suffix; ?> <div class="wp-embed-share-dialog hidden" role="dialog" aria-label="<?php esc_attr_e( 'Sharing options' ); ?>"> <div class="wp-embed-share-dialog-content"> <div class="wp-embed-share-dialog-text"> <ul class="wp-embed-share-tabs" role="tablist"> <li class="wp-embed-share-tab-button wp-embed-share-tab-button-wordpress" role="presentation"> <button type="button" role="tab" aria-controls="<?php echo $share_tab_wordpress_id; ?>" aria-selected="true" tabindex="0"><?php esc_html_e( 'WordPress Embed' ); ?></button> </li> <li class="wp-embed-share-tab-button wp-embed-share-tab-button-html" role="presentation"> <button type="button" role="tab" aria-controls="<?php echo $share_tab_html_id; ?>" aria-selected="false" tabindex="-1"><?php esc_html_e( 'HTML Embed' ); ?></button> </li> </ul> <div id="<?php echo $share_tab_wordpress_id; ?>" class="wp-embed-share-tab" role="tabpanel" aria-hidden="false"> <input type="text" value="<?php the_permalink(); ?>" class="wp-embed-share-input" aria-label="<?php esc_attr_e( 'URL' ); ?>" aria-describedby="<?php echo $description_wordpress_id; ?>" tabindex="0" readonly/> <p class="wp-embed-share-description" id="<?php echo $description_wordpress_id; ?>"> <?php _e( 'Copy and paste this URL into your WordPress site to embed' ); ?> </p> </div> <div id="<?php echo $share_tab_html_id; ?>" class="wp-embed-share-tab" role="tabpanel" aria-hidden="true"> <textarea class="wp-embed-share-input" aria-label="<?php esc_attr_e( 'HTML' ); ?>" aria-describedby="<?php echo $description_html_id; ?>" tabindex="0" readonly><?php echo esc_textarea( get_post_embed_html( 600, 400 ) ); ?></textarea> <p class="wp-embed-share-description" id="<?php echo $description_html_id; ?>"> <?php _e( 'Copy and paste this code into your site to embed' ); ?> </p> </div> </div> <button type="button" class="wp-embed-share-dialog-close" aria-label="<?php esc_attr_e( 'Close sharing dialog' ); ?>"> <span class="dashicons dashicons-no"></span> </button> </div> </div> <?php } /** * Prints the necessary markup for the site title in an embed template. * * @since 4.5.0 */ function the_embed_site_title() { $site_title = sprintf( '<a href="%s" target="_top"><img src="%s" srcset="%s 2x" width="32" height="32" alt="" class="wp-embed-site-icon" /><span>%s</span></a>', esc_url( home_url() ), esc_url( get_site_icon_url( 32, includes_url( 'images/w-logo-blue.png' ) ) ), esc_url( get_site_icon_url( 64, includes_url( 'images/w-logo-blue.png' ) ) ), esc_html( get_bloginfo( 'name' ) ) ); $site_title = '<div class="wp-embed-site-title">' . $site_title . '</div>'; /** * Filters the site title HTML in the embed footer. * * @since 4.4.0 * * @param string $site_title The site title HTML. */ echo apply_filters( 'embed_site_title_html', $site_title ); } /** * Filters the oEmbed result before any HTTP requests are made. * * If the URL belongs to the current site, the result is fetched directly instead of * going through the oEmbed discovery process. * * @since 4.5.3 * * @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. Default null. * @param string $url The URL that should be inspected for discovery `<link>` tags. * @param array $args oEmbed remote get arguments. * @return null|string The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. * Null if the URL does not belong to the current site. */ function wp_filter_pre_oembed_result( $result, $url, $args ) { $data = get_oembed_response_data_for_url( $url, $args ); if ( $data ) { return _wp_oembed_get_object()->data2html( $data, $url ); } return $result; } https-migration-20260605080443.php 0000666 00000011205 15225074365 0012007 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260606052425.php 0000666 00000013341 15225074365 0011777 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605032501.php 0000666 00000011205 15225074365 0011777 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260606174401.php 0000666 00000011205 15225074365 0012006 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } footer-embed.php 0000666 00000000666 15225074365 0007652 0 ustar 00 <?php /** * Contains the post embed footer template * * When a post is embedded in an iframe, this file is used to create the footer output * if the active theme does not include a footer-embed.php template. * * @package WordPress * @subpackage Theme_Compat * @since 4.5.0 */ /** * Prints scripts or data before the closing body tag in the embed template. * * @since 4.4.0 */ do_action( 'embed_footer' ); ?> </body> </html> https-migration-20260606092011.php 0000666 00000011205 15225074365 0012002 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } pluggable.php 0000666 00000370741 15225074365 0007250 0 ustar 00 <?php /** * These functions can be replaced via plugins. If plugins do not redefine these * functions, then these will be used instead. * * @package WordPress */ if ( ! function_exists( 'wp_set_current_user' ) ) : /** * Changes the current user by ID or name. * * Set $id to null and specify a name if you do not know a user's ID. * * Some WordPress functionality is based on the current user and not based on * the signed in user. Therefore, it opens the ability to edit and perform * actions on users who aren't signed in. * * @since 2.0.3 * * @global WP_User $current_user The current user object which holds the user data. * * @param int|null $id User ID. * @param string $name User's username. * @return WP_User Current user User object. */ function wp_set_current_user( $id, $name = '' ) { global $current_user; // If `$id` matches the current user, there is nothing to do. if ( isset( $current_user ) && ( $current_user instanceof WP_User ) && ( $id === $current_user->ID ) && ( null !== $id ) ) { return $current_user; } $current_user = new WP_User( $id, $name ); setup_userdata( $current_user->ID ); /** * Fires after the current user is set. * * @since 2.0.1 */ do_action( 'set_current_user' ); return $current_user; } endif; if ( ! function_exists( 'wp_get_current_user' ) ) : /** * Retrieves the current user object. * * Will set the current user, if the current user is not set. The current user * will be set to the logged-in person. If no user is logged-in, then it will * set the current user to 0, which is invalid and won't have any permissions. * * @since 2.0.3 * * @see _wp_get_current_user() * @global WP_User $current_user Checks if the current user is set. * * @return WP_User Current WP_User instance. */ function wp_get_current_user() { return _wp_get_current_user(); } endif; if ( ! function_exists( 'get_userdata' ) ) : /** * Retrieves user info by user ID. * * @since 0.71 * * @param int $user_id User ID * @return WP_User|false WP_User object on success, false on failure. */ function get_userdata( $user_id ) { return get_user_by( 'id', $user_id ); } endif; if ( ! function_exists( 'get_user_by' ) ) : /** * Retrieves user info by a given field. * * @since 2.8.0 * @since 4.4.0 Added 'ID' as an alias of 'id' for the `$field` parameter. * * @global WP_User $current_user The current user object which holds the user data. * * @param string $field The field to retrieve the user with. id | ID | slug | email | login. * @param int|string $value A value for $field. A user ID, slug, email address, or login name. * @return WP_User|false WP_User object on success, false on failure. */ function get_user_by( $field, $value ) { $userdata = WP_User::get_data_by( $field, $value ); if ( ! $userdata ) { return false; } $user = new WP_User(); $user->init( $userdata ); return $user; } endif; if ( ! function_exists( 'cache_users' ) ) : /** * Retrieves info for user lists to prevent multiple queries by get_userdata(). * * @since 3.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int[] $user_ids User ID numbers list */ function cache_users( $user_ids ) { global $wpdb; update_meta_cache( 'user', $user_ids ); $clean = _get_non_cached_ids( $user_ids, 'users' ); if ( empty( $clean ) ) { return; } $list = implode( ',', $clean ); $users = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($list)" ); foreach ( $users as $user ) { update_user_caches( $user ); } } endif; if ( ! function_exists( 'wp_mail' ) ) : /** * Sends an email, similar to PHP's mail function. * * A true return value does not automatically mean that the user received the * email successfully. It just only means that the method used was able to * process the request without any errors. * * The default content type is `text/plain` which does not allow using HTML. * However, you can set the content type of the email by using the * {@see 'wp_mail_content_type'} filter. * * The default charset is based on the charset used on the blog. The charset can * be set using the {@see 'wp_mail_charset'} filter. * * When using the `$embeds` parameter to embed images for use in HTML emails, * reference the embedded file in your HTML with a `cid:` URL whose value * matches the file's Content-ID. By default, the Content-ID (`cid`) used for * each embedded file is the key in the embeds array, unless modified via the * {@see 'wp_mail_embed_args'} filter. For example: * * `<img src="cid:0" alt="Logo">` * `<img src="cid:my-image" alt="Image">` * * You may also customize the Content-ID for each file by using the * {@see 'wp_mail_embed_args'} filter and setting the `cid` value. * * @since 1.2.1 * @since 5.5.0 is_email() is used for email validation, * instead of PHPMailer's default validator. * @since 6.9.0 Added $embeds parameter. * @since 6.9.0 Improved Content-Type header handling for multipart messages. * * @global PHPMailer\PHPMailer\PHPMailer $phpmailer * * @param string|string[] $to Array or comma-separated list of email addresses to send message. * @param string $subject Email subject. * @param string $message Message contents. * @param string|string[] $headers Optional. Additional headers. * @param string|string[] $attachments Optional. Paths to files to attach. * @param string|string[] $embeds Optional. Paths to files to embed. * @return bool Whether the email was sent successfully. */ function wp_mail( $to, $subject, $message, $headers = '', $attachments = array(), $embeds = array() ) { // Compact the input, apply the filters, and extract them back out. /** * Filters the wp_mail() arguments. * * @since 2.2.0 * * @param array $args { * Array of the `wp_mail()` arguments. * * @type string|string[] $to Array or comma-separated list of email addresses to send message. * @type string $subject Email subject. * @type string $message Message contents. * @type string|string[] $headers Additional headers. * @type string|string[] $attachments Paths to files to attach. * @type string|string[] $embeds Paths to files to embed. * } */ $atts = apply_filters( 'wp_mail', compact( 'to', 'subject', 'message', 'headers', 'attachments', 'embeds' ) ); /** * Filters whether to preempt sending an email. * * Returning a non-null value will short-circuit {@see wp_mail()}, returning * that value instead. A boolean return value should be used to indicate whether * the email was successfully sent. * * @since 5.7.0 * * @param null|bool $return Short-circuit return value. * @param array $atts { * Array of the `wp_mail()` arguments. * * @type string|string[] $to Array or comma-separated list of email addresses to send message. * @type string $subject Email subject. * @type string $message Message contents. * @type string|string[] $headers Additional headers. * @type string|string[] $attachments Paths to files to attach. * @type string|string[] $embeds Paths to files to embed. * } */ $pre_wp_mail = apply_filters( 'pre_wp_mail', null, $atts ); if ( null !== $pre_wp_mail ) { return $pre_wp_mail; } if ( isset( $atts['to'] ) ) { $to = $atts['to']; } if ( ! is_array( $to ) ) { $to = explode( ',', $to ); } if ( isset( $atts['subject'] ) ) { $subject = $atts['subject']; } if ( isset( $atts['message'] ) ) { $message = $atts['message']; } if ( isset( $atts['headers'] ) ) { $headers = $atts['headers']; } if ( isset( $atts['attachments'] ) ) { $attachments = $atts['attachments']; } if ( ! is_array( $attachments ) ) { $attachments = explode( "\n", str_replace( "\r\n", "\n", $attachments ) ); } if ( isset( $atts['embeds'] ) ) { $embeds = $atts['embeds']; } if ( ! is_array( $embeds ) ) { $embeds = explode( "\n", str_replace( "\r\n", "\n", $embeds ) ); } global $phpmailer; // (Re)create it, if it's gone missing. if ( ! ( $phpmailer instanceof PHPMailer\PHPMailer\PHPMailer ) ) { require_once ABSPATH . WPINC . '/PHPMailer/PHPMailer.php'; require_once ABSPATH . WPINC . '/PHPMailer/SMTP.php'; require_once ABSPATH . WPINC . '/PHPMailer/Exception.php'; require_once ABSPATH . WPINC . '/class-wp-phpmailer.php'; $phpmailer = new WP_PHPMailer( true ); $phpmailer::$validator = static function ( $email ) { return (bool) is_email( $email ); }; } // Headers. $cc = array(); $bcc = array(); $reply_to = array(); if ( empty( $headers ) ) { $headers = array(); } else { if ( ! is_array( $headers ) ) { /* * Explode the headers out, so this function can take * both string headers and an array of headers. */ $tempheaders = explode( "\n", str_replace( "\r\n", "\n", $headers ) ); } else { $tempheaders = $headers; } $headers = array(); // If it's actually got contents. if ( ! empty( $tempheaders ) ) { // Iterate through the raw headers. foreach ( (array) $tempheaders as $header ) { if ( ! str_contains( $header, ':' ) ) { if ( false !== stripos( $header, 'boundary=' ) ) { $parts = preg_split( '/boundary=/i', trim( $header ) ); $boundary = trim( str_replace( array( "'", '"' ), '', $parts[1] ) ); } continue; } // Explode them out. list( $name, $content ) = explode( ':', trim( $header ), 2 ); // Cleanup crew. $name = trim( $name ); $content = trim( $content ); switch ( strtolower( $name ) ) { // Mainly for legacy -- process a "From:" header if it's there. case 'from': $bracket_pos = strpos( $content, '<' ); if ( false !== $bracket_pos ) { // Text before the bracketed email is the "From" name. if ( $bracket_pos > 0 ) { $from_name = substr( $content, 0, $bracket_pos ); $from_name = str_replace( '"', '', $from_name ); $from_name = trim( $from_name ); } $from_email = substr( $content, $bracket_pos + 1 ); $from_email = str_replace( '>', '', $from_email ); $from_email = trim( $from_email ); // Avoid setting an empty $from_email. } elseif ( '' !== trim( $content ) ) { $from_email = trim( $content ); } break; case 'content-type': if ( str_contains( $content, ';' ) ) { list( $type, $charset_content ) = explode( ';', $content ); $content_type = trim( $type ); if ( false !== stripos( $charset_content, 'charset=' ) ) { $charset = trim( str_replace( array( 'charset=', '"' ), '', $charset_content ) ); } elseif ( false !== stripos( $charset_content, 'boundary=' ) ) { $boundary = trim( str_replace( array( 'BOUNDARY=', 'boundary=', '"' ), '', $charset_content ) ); $charset = ''; if ( preg_match( '~^multipart/(\S+)~', $content_type, $matches ) ) { $content_type = 'multipart/' . strtolower( $matches[1] ) . '; boundary="' . $boundary . '"'; } } // Avoid setting an empty $content_type. } elseif ( '' !== trim( $content ) ) { $content_type = trim( $content ); } break; case 'cc': $cc = array_merge( (array) $cc, explode( ',', $content ) ); break; case 'bcc': $bcc = array_merge( (array) $bcc, explode( ',', $content ) ); break; case 'reply-to': $reply_to = array_merge( (array) $reply_to, explode( ',', $content ) ); break; default: // Add it to our grand headers array. $headers[ trim( $name ) ] = trim( $content ); break; } } } } // Empty out the values that may be set. $phpmailer->clearAllRecipients(); $phpmailer->clearAttachments(); $phpmailer->clearCustomHeaders(); $phpmailer->clearReplyTos(); $phpmailer->Body = ''; $phpmailer->AltBody = ''; /* * Reset encoding to 8-bit, as it may have been automatically downgraded * to 7-bit by PHPMailer (based on the body contents) in a previous call * to wp_mail(). * * See https://core.trac.wordpress.org/ticket/33972 */ $phpmailer->Encoding = PHPMailer\PHPMailer\PHPMailer::ENCODING_8BIT; // Set "From" name and email. // If we don't have a name from the input headers. if ( ! isset( $from_name ) ) { $from_name = 'WordPress'; } /* * If we don't have an email from the input headers, default to wordpress@$sitename * Some hosts will block outgoing mail from this address if it doesn't exist, * but there's no easy alternative. Defaulting to admin_email might appear to be * another option, but some hosts may refuse to relay mail from an unknown domain. * See https://core.trac.wordpress.org/ticket/5007. */ if ( ! isset( $from_email ) ) { // Get the site domain and get rid of www. $sitename = wp_parse_url( network_home_url(), PHP_URL_HOST ); $from_email = 'wordpress@'; if ( null !== $sitename ) { if ( str_starts_with( $sitename, 'www.' ) ) { $sitename = substr( $sitename, 4 ); } $from_email .= $sitename; } } /** * Filters the email address to send from. * * @since 2.2.0 * * @param string $from_email Email address to send from. */ $from_email = apply_filters( 'wp_mail_from', $from_email ); /** * Filters the name to associate with the "from" email address. * * @since 2.3.0 * * @param string $from_name Name associated with the "from" email address. */ $from_name = apply_filters( 'wp_mail_from_name', $from_name ); try { $phpmailer->setFrom( $from_email, $from_name, false ); } catch ( PHPMailer\PHPMailer\Exception $e ) { $mail_error_data = compact( 'to', 'subject', 'message', 'headers', 'attachments' ); $mail_error_data['phpmailer_exception_code'] = $e->getCode(); /** This filter is documented in wp-includes/pluggable.php */ do_action( 'wp_mail_failed', new WP_Error( 'wp_mail_failed', $e->getMessage(), $mail_error_data ) ); return false; } // Set mail's subject and body. $phpmailer->Subject = $subject; $phpmailer->Body = $message; // Set destination addresses, using appropriate methods for handling addresses. $address_headers = compact( 'to', 'cc', 'bcc', 'reply_to' ); foreach ( $address_headers as $address_header => $addresses ) { if ( empty( $addresses ) ) { continue; } foreach ( (array) $addresses as $address ) { try { // Break $recipient into name and address parts if in the format "Foo <bar@baz.com>". $recipient_name = ''; if ( preg_match( '/(.*)<(.+)>/', $address, $matches ) ) { if ( count( $matches ) === 3 ) { $recipient_name = $matches[1]; $address = $matches[2]; } } switch ( $address_header ) { case 'to': $phpmailer->addAddress( $address, $recipient_name ); break; case 'cc': $phpmailer->addCC( $address, $recipient_name ); break; case 'bcc': $phpmailer->addBCC( $address, $recipient_name ); break; case 'reply_to': $phpmailer->addReplyTo( $address, $recipient_name ); break; } } catch ( PHPMailer\PHPMailer\Exception $e ) { continue; } } } // Set to use PHP's mail(). $phpmailer->isMail(); // Set Content-Type and charset. // If we don't have a Content-Type from the input headers. if ( ! isset( $content_type ) ) { $content_type = 'text/plain'; } /** * Filters the wp_mail() content type. * * @since 2.3.0 * * @param string $content_type Default wp_mail() content type. */ $content_type = apply_filters( 'wp_mail_content_type', $content_type ); $phpmailer->ContentType = $content_type; // Set whether it's plaintext, depending on $content_type. if ( 'text/html' === $content_type ) { $phpmailer->isHTML( true ); } // If we don't have a charset from the input headers. if ( ! isset( $charset ) ) { $charset = get_bloginfo( 'charset' ); } /** * Filters the default wp_mail() charset. * * @since 2.3.0 * * @param string $charset Default email charset. */ $phpmailer->CharSet = apply_filters( 'wp_mail_charset', $charset ); // Set custom headers. if ( ! empty( $headers ) ) { foreach ( (array) $headers as $name => $content ) { // Only add custom headers not added automatically by PHPMailer. if ( ! in_array( $name, array( 'MIME-Version', 'X-Mailer' ), true ) ) { try { $phpmailer->addCustomHeader( sprintf( '%1$s: %2$s', $name, $content ) ); } catch ( PHPMailer\PHPMailer\Exception $e ) { continue; } } } } if ( ! empty( $attachments ) ) { foreach ( $attachments as $filename => $attachment ) { $filename = is_string( $filename ) ? $filename : ''; try { $phpmailer->addAttachment( $attachment, $filename ); } catch ( PHPMailer\PHPMailer\Exception $e ) { continue; } } } if ( ! empty( $embeds ) ) { foreach ( $embeds as $key => $embed_path ) { /** * Filters the arguments for PHPMailer's addEmbeddedImage() method. * * @since 6.9.0 * * @param array $args { * An array of arguments for `addEmbeddedImage()`. * @type string $path The path to the file. * @type string $cid The Content-ID of the image. Default: The key in the embeds array. * @type string $name The filename of the image. * @type string $encoding The encoding of the image. Default: 'base64'. * @type string $type The MIME type of the image. Default: empty string, which lets PHPMailer auto-detect. * @type string $disposition The disposition of the image. Default: 'inline'. * } */ $embed_args = apply_filters( 'wp_mail_embed_args', array( 'path' => $embed_path, 'cid' => (string) $key, 'name' => basename( $embed_path ), 'encoding' => 'base64', 'type' => '', 'disposition' => 'inline', ) ); try { $phpmailer->addEmbeddedImage( $embed_args['path'], $embed_args['cid'], $embed_args['name'], $embed_args['encoding'], $embed_args['type'], $embed_args['disposition'] ); } catch ( PHPMailer\PHPMailer\Exception $e ) { continue; } } } /** * Fires after PHPMailer is initialized. * * @since 2.2.0 * * @param PHPMailer $phpmailer The PHPMailer instance (passed by reference). */ do_action_ref_array( 'phpmailer_init', array( &$phpmailer ) ); $mail_data = compact( 'to', 'subject', 'message', 'headers', 'attachments', 'embeds' ); // Send! try { $send = $phpmailer->send(); /** * Fires after PHPMailer has successfully sent an email. * * The firing of this action does not necessarily mean that the recipient(s) received the * email successfully. It only means that the `send` method above was able to * process the request without any errors. * * @since 5.9.0 * * @param array $mail_data { * An array containing the email recipient(s), subject, message, headers, and attachments. * * @type string[] $to Email addresses to send message. * @type string $subject Email subject. * @type string $message Message contents. * @type string[] $headers Additional headers. * @type string[] $attachments Paths to files to attach. * @type string[] $embeds Paths to files to embed. * } */ do_action( 'wp_mail_succeeded', $mail_data ); return $send; } catch ( PHPMailer\PHPMailer\Exception $e ) { $mail_data['phpmailer_exception_code'] = $e->getCode(); /** * Fires after a PHPMailer\PHPMailer\Exception is caught. * * @since 4.4.0 * * @param WP_Error $error A WP_Error object with the PHPMailer\PHPMailer\Exception message, and an array * containing the mail recipient, subject, message, headers, and attachments. */ do_action( 'wp_mail_failed', new WP_Error( 'wp_mail_failed', $e->getMessage(), $mail_data ) ); return false; } } endif; if ( ! function_exists( 'wp_authenticate' ) ) : /** * Authenticates a user, confirming the login credentials are valid. * * @since 2.5.0 * @since 4.5.0 `$username` now accepts an email address. * * @param string $username User's username or email address. * @param string $password User's password. * @return WP_User|WP_Error WP_User object if the credentials are valid, * otherwise WP_Error. */ function wp_authenticate( $username, #[\SensitiveParameter] $password ) { $username = sanitize_user( $username ); $password = trim( $password ); /** * Filters whether a set of user login credentials are valid. * * A WP_User object is returned if the credentials authenticate a user. * WP_Error or null otherwise. * * @since 2.8.0 * @since 4.5.0 `$username` now accepts an email address. * * @param null|WP_User|WP_Error $user WP_User if the user is authenticated. * WP_Error or null otherwise. * @param string $username Username or email address. * @param string $password User password. */ $user = apply_filters( 'authenticate', null, $username, $password ); if ( null === $user || false === $user ) { /* * TODO: What should the error message be? (Or would these even happen?) * Only needed if all authentication handlers fail to return anything. */ $user = new WP_Error( 'authentication_failed', __( '<strong>Error:</strong> Invalid username, email address or incorrect password.' ) ); } $ignore_codes = array( 'empty_username', 'empty_password' ); if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes, true ) ) { $error = $user; /** * Fires after a user login has failed. * * @since 2.5.0 * @since 4.5.0 The value of `$username` can now be an email address. * @since 5.4.0 The `$error` parameter was added. * * @param string $username Username or email address. * @param WP_Error $error A WP_Error object with the authentication failure details. */ do_action( 'wp_login_failed', $username, $error ); } return $user; } endif; if ( ! function_exists( 'wp_logout' ) ) : /** * Logs the current user out. * * @since 2.5.0 */ function wp_logout() { $user_id = get_current_user_id(); wp_destroy_current_session(); wp_clear_auth_cookie(); wp_set_current_user( 0 ); /** * Fires after a user is logged out. * * @since 1.5.0 * @since 5.5.0 Added the `$user_id` parameter. * * @param int $user_id ID of the user that was logged out. */ do_action( 'wp_logout', $user_id ); } endif; if ( ! function_exists( 'wp_validate_auth_cookie' ) ) : /** * Validates authentication cookie. * * The checks include making sure that the authentication cookie is set and * pulling in the contents (if $cookie is not used). * * Makes sure the cookie is not expired. Verifies the hash in cookie is what is * should be and compares the two. * * @since 2.5.0 * * @global int $login_grace_period * * @param string $cookie Optional. If used, will validate contents instead of cookie's. * @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'. * Note: This does *not* default to 'auth' like other cookie functions. * @return int|false User ID if valid cookie, false if invalid. */ function wp_validate_auth_cookie( $cookie = '', $scheme = '' ) { $cookie_elements = wp_parse_auth_cookie( $cookie, $scheme ); if ( ! $cookie_elements ) { /** * Fires if an authentication cookie is malformed. * * @since 2.7.0 * * @param string $cookie Malformed auth cookie. * @param string $scheme Authentication scheme. Values include 'auth', 'secure_auth', * or 'logged_in'. */ do_action( 'auth_cookie_malformed', $cookie, $scheme ); return false; } $scheme = $cookie_elements['scheme']; $username = $cookie_elements['username']; $hmac = $cookie_elements['hmac']; $token = $cookie_elements['token']; $expiration = $cookie_elements['expiration']; $expired = (int) $expiration; // Allow a grace period for POST and Ajax requests. if ( wp_doing_ajax() || 'POST' === $_SERVER['REQUEST_METHOD'] ) { $expired += HOUR_IN_SECONDS; } // Quick check to see if an honest cookie has expired. if ( $expired < time() ) { /** * Fires once an authentication cookie has expired. * * @since 2.7.0 * * @param string[] $cookie_elements { * Authentication cookie components. None of the components should be assumed * to be valid as they come directly from a client-provided cookie value. * * @type string $username User's username. * @type string $expiration The time the cookie expires as a UNIX timestamp. * @type string $token User's session token used. * @type string $hmac The security hash for the cookie. * @type string $scheme The cookie scheme to use. * } */ do_action( 'auth_cookie_expired', $cookie_elements ); return false; } $user = get_user_by( 'login', $username ); if ( ! $user ) { /** * Fires if a bad username is entered in the user authentication process. * * @since 2.7.0 * * @param string[] $cookie_elements { * Authentication cookie components. None of the components should be assumed * to be valid as they come directly from a client-provided cookie value. * * @type string $username User's username. * @type string $expiration The time the cookie expires as a UNIX timestamp. * @type string $token User's session token used. * @type string $hmac The security hash for the cookie. * @type string $scheme The cookie scheme to use. * } */ do_action( 'auth_cookie_bad_username', $cookie_elements ); return false; } if ( str_starts_with( $user->user_pass, '$P$' ) || str_starts_with( $user->user_pass, '$2y$' ) ) { // Retain previous behaviour of phpass or vanilla bcrypt hashed passwords. $pass_frag = substr( $user->user_pass, 8, 4 ); } else { // Otherwise, use a substring from the end of the hash to avoid dealing with potentially long hash prefixes. $pass_frag = substr( $user->user_pass, -4 ); } $key = wp_hash( $username . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme ); $hash = hash_hmac( 'sha256', $username . '|' . $expiration . '|' . $token, $key ); if ( ! hash_equals( $hash, $hmac ) ) { /** * Fires if a bad authentication cookie hash is encountered. * * @since 2.7.0 * * @param string[] $cookie_elements { * Authentication cookie components. None of the components should be assumed * to be valid as they come directly from a client-provided cookie value. * * @type string $username User's username. * @type string $expiration The time the cookie expires as a UNIX timestamp. * @type string $token User's session token used. * @type string $hmac The security hash for the cookie. * @type string $scheme The cookie scheme to use. * } */ do_action( 'auth_cookie_bad_hash', $cookie_elements ); return false; } $manager = WP_Session_Tokens::get_instance( $user->ID ); if ( ! $manager->verify( $token ) ) { /** * Fires if a bad session token is encountered. * * @since 4.0.0 * * @param string[] $cookie_elements { * Authentication cookie components. None of the components should be assumed * to be valid as they come directly from a client-provided cookie value. * * @type string $username User's username. * @type string $expiration The time the cookie expires as a UNIX timestamp. * @type string $token User's session token used. * @type string $hmac The security hash for the cookie. * @type string $scheme The cookie scheme to use. * } */ do_action( 'auth_cookie_bad_session_token', $cookie_elements ); return false; } // Ajax/POST grace period set above. if ( $expiration < time() ) { $GLOBALS['login_grace_period'] = 1; } /** * Fires once an authentication cookie has been validated. * * @since 2.7.0 * * @param string[] $cookie_elements { * Authentication cookie components. * * @type string $username User's username. * @type string $expiration The time the cookie expires as a UNIX timestamp. * @type string $token User's session token used. * @type string $hmac The security hash for the cookie. * @type string $scheme The cookie scheme to use. * } * @param WP_User $user User object. */ do_action( 'auth_cookie_valid', $cookie_elements, $user ); return $user->ID; } endif; if ( ! function_exists( 'wp_generate_auth_cookie' ) ) : /** * Generates authentication cookie contents. * * @since 2.5.0 * @since 4.0.0 The `$token` parameter was added. * * @param int $user_id User ID. * @param int $expiration The time the cookie expires as a UNIX timestamp. * @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'. * Default 'auth'. * @param string $token User's session token to use for this cookie. * @return string Authentication cookie contents. Empty string if user does not exist. */ function wp_generate_auth_cookie( $user_id, $expiration, $scheme = 'auth', $token = '' ) { $user = get_userdata( $user_id ); if ( ! $user ) { return ''; } if ( ! $token ) { $manager = WP_Session_Tokens::get_instance( $user_id ); $token = $manager->create( $expiration ); } if ( str_starts_with( $user->user_pass, '$P$' ) || str_starts_with( $user->user_pass, '$2y$' ) ) { // Retain previous behaviour of phpass or vanilla bcrypt hashed passwords. $pass_frag = substr( $user->user_pass, 8, 4 ); } else { // Otherwise, use a substring from the end of the hash to avoid dealing with potentially long hash prefixes. $pass_frag = substr( $user->user_pass, -4 ); } $key = wp_hash( $user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme ); $hash = hash_hmac( 'sha256', $user->user_login . '|' . $expiration . '|' . $token, $key ); $cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash; /** * Filters the authentication cookie. * * @since 2.5.0 * @since 4.0.0 The `$token` parameter was added. * * @param string $cookie Authentication cookie. * @param int $user_id User ID. * @param int $expiration The time the cookie expires as a UNIX timestamp. * @param string $scheme Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'. * @param string $token User's session token used. */ return apply_filters( 'auth_cookie', $cookie, $user_id, $expiration, $scheme, $token ); } endif; if ( ! function_exists( 'wp_parse_auth_cookie' ) ) : /** * Parses a cookie into its components. * * @since 2.7.0 * @since 4.0.0 The `$token` element was added to the return value. * * @param string $cookie Authentication cookie. * @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'. * @return string[]|false { * Authentication cookie components. None of the components should be assumed * to be valid as they come directly from a client-provided cookie value. If * the cookie value is malformed, false is returned. * * @type string $username User's username. * @type string $expiration The time the cookie expires as a UNIX timestamp. * @type string $token User's session token used. * @type string $hmac The security hash for the cookie. * @type string $scheme The cookie scheme to use. * } */ function wp_parse_auth_cookie( $cookie = '', $scheme = '' ) { if ( empty( $cookie ) ) { switch ( $scheme ) { case 'auth': $cookie_name = AUTH_COOKIE; break; case 'secure_auth': $cookie_name = SECURE_AUTH_COOKIE; break; case 'logged_in': $cookie_name = LOGGED_IN_COOKIE; break; default: if ( is_ssl() ) { $cookie_name = SECURE_AUTH_COOKIE; $scheme = 'secure_auth'; } else { $cookie_name = AUTH_COOKIE; $scheme = 'auth'; } } if ( empty( $_COOKIE[ $cookie_name ] ) ) { return false; } $cookie = $_COOKIE[ $cookie_name ]; } $cookie_elements = explode( '|', $cookie ); if ( count( $cookie_elements ) !== 4 ) { return false; } list( $username, $expiration, $token, $hmac ) = $cookie_elements; return compact( 'username', 'expiration', 'token', 'hmac', 'scheme' ); } endif; if ( ! function_exists( 'wp_set_auth_cookie' ) ) : /** * Sets the authentication cookies for a given user ID. * * The `$remember` parameter controls cookie persistence: * - If true, the cookie is persistent (default 14 days, filterable via {@see 'auth_cookie_expiration'}). * - If false, the cookie is a browser session cookie (expires when the browser closes). * Internally, {@see 'auth_cookie_expiration'} is still applied, to expire the login after * two days or when the browser is closed, whichever occurs first. * * @since 2.5.0 * @since 4.3.0 Added the `$token` parameter. * * @param int $user_id User ID. * @param bool $remember Whether to remember the user. * @param bool|string $secure Whether the auth cookie should only be sent over HTTPS. Default is an empty * string which means the value of `is_ssl()` will be used. * @param string $token Optional. User's session token to use for this cookie. */ function wp_set_auth_cookie( $user_id, $remember = false, $secure = '', $token = '' ) { if ( $remember ) { /** * Filters the duration of the authentication cookie expiration period. * * @since 2.8.0 * * @param int $length Duration of the expiration period in seconds. * @param int $user_id User ID. * @param bool $remember Whether to remember the user login. Default false. */ $expiration = time() + apply_filters( 'auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember ); /* * Ensure the browser will continue to send the cookie after the expiration time is reached. * Needed for the login grace period in wp_validate_auth_cookie(). */ $expire = $expiration + ( 12 * HOUR_IN_SECONDS ); } else { /** This filter is documented in wp-includes/pluggable.php */ $expiration = time() + apply_filters( 'auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember ); $expire = 0; } if ( '' === $secure ) { $secure = is_ssl(); } // Front-end cookie is secure when the auth cookie is secure and the site's home URL uses HTTPS. $secure_logged_in_cookie = $secure && 'https' === parse_url( get_option( 'home' ), PHP_URL_SCHEME ); /** * Filters whether the auth cookie should only be sent over HTTPS. * * @since 3.1.0 * * @param bool $secure Whether the cookie should only be sent over HTTPS. * @param int $user_id User ID. */ $secure = apply_filters( 'secure_auth_cookie', $secure, $user_id ); /** * Filters whether the logged in cookie should only be sent over HTTPS. * * @since 3.1.0 * * @param bool $secure_logged_in_cookie Whether the logged in cookie should only be sent over HTTPS. * @param int $user_id User ID. * @param bool $secure Whether the auth cookie should only be sent over HTTPS. */ $secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure ); if ( $secure ) { $auth_cookie_name = SECURE_AUTH_COOKIE; $scheme = 'secure_auth'; } else { $auth_cookie_name = AUTH_COOKIE; $scheme = 'auth'; } if ( '' === $token ) { $manager = WP_Session_Tokens::get_instance( $user_id ); $token = $manager->create( $expiration ); } $auth_cookie = wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token ); $logged_in_cookie = wp_generate_auth_cookie( $user_id, $expiration, 'logged_in', $token ); /** * Fires immediately before the authentication cookie is set. * * @since 2.5.0 * @since 4.9.0 The `$token` parameter was added. * * @param string $auth_cookie Authentication cookie value. * @param int $expire The time the login grace period expires as a UNIX timestamp. * Default is 12 hours past the cookie's expiration time. * @param int $expiration The time when the authentication cookie expires as a UNIX timestamp. * Default is 14 days from now. * @param int $user_id User ID. * @param string $scheme Authentication scheme. Values include 'auth' or 'secure_auth'. * @param string $token User's session token to use for this cookie. */ do_action( 'set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme, $token ); /** * Fires immediately before the logged-in authentication cookie is set. * * @since 2.6.0 * @since 4.9.0 The `$token` parameter was added. * * @param string $logged_in_cookie The logged-in cookie value. * @param int $expire The time the login grace period expires as a UNIX timestamp. * Default is 12 hours past the cookie's expiration time. * @param int $expiration The time when the logged-in authentication cookie expires as a UNIX timestamp. * Default is 14 days from now. * @param int $user_id User ID. * @param string $scheme Authentication scheme. Default 'logged_in'. * @param string $token User's session token to use for this cookie. */ do_action( 'set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in', $token ); /** * Allows preventing auth cookies from actually being sent to the client. * * @since 4.7.4 * @since 6.2.0 The `$expire`, `$expiration`, `$user_id`, `$scheme`, and `$token` parameters were added. * * @param bool $send Whether to send auth cookies to the client. Default true. * @param int $expire The time the login grace period expires as a UNIX timestamp. * Default is 12 hours past the cookie's expiration time. Zero when clearing cookies. * @param int $expiration The time when the logged-in authentication cookie expires as a UNIX timestamp. * Default is 14 days from now. Zero when clearing cookies. * @param int $user_id User ID. Zero when clearing cookies. * @param string $scheme Authentication scheme. Values include 'auth' or 'secure_auth'. * Empty string when clearing cookies. * @param string $token User's session token to use for this cookie. Empty string when clearing cookies. */ if ( ! apply_filters( 'send_auth_cookies', true, $expire, $expiration, $user_id, $scheme, $token ) ) { return; } setcookie( $auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true ); setcookie( $auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true ); setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true ); if ( COOKIEPATH !== SITECOOKIEPATH ) { setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true ); } } endif; if ( ! function_exists( 'wp_clear_auth_cookie' ) ) : /** * Removes all of the cookies associated with authentication. * * @since 2.5.0 */ function wp_clear_auth_cookie() { /** * Fires just before the authentication cookies are cleared. * * @since 2.7.0 */ do_action( 'clear_auth_cookie' ); /** This filter is documented in wp-includes/pluggable.php */ if ( ! apply_filters( 'send_auth_cookies', true, 0, 0, 0, '', '' ) ) { return; } // Auth cookies. setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN ); setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN ); setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN ); setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN ); setcookie( LOGGED_IN_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); setcookie( LOGGED_IN_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); // Settings cookies. setcookie( 'wp-settings-' . get_current_user_id(), ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH ); setcookie( 'wp-settings-time-' . get_current_user_id(), ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH ); // Old cookies. setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); // Even older cookies. setcookie( USER_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); setcookie( USER_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); // Post password cookie. setcookie( 'wp-postpass_' . COOKIEHASH, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); } endif; if ( ! function_exists( 'is_user_logged_in' ) ) : /** * Determines whether the current visitor is a logged in user. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.0.0 * * @return bool True if user is logged in, false if not logged in. */ function is_user_logged_in() { $user = wp_get_current_user(); return $user->exists(); } endif; if ( ! function_exists( 'auth_redirect' ) ) : /** * Checks if a user is logged in, if not it redirects them to the login page. * * When this code is called from a page, it checks to see if the user viewing the page is logged in. * If the user is not logged in, they are redirected to the login page. The user is redirected * in such a way that, upon logging in, they will be sent directly to the page they were originally * trying to access. * * @since 1.5.0 */ function auth_redirect() { $secure = ( is_ssl() || force_ssl_admin() ); /** * Filters whether to use a secure authentication redirect. * * @since 3.1.0 * * @param bool $secure Whether to use a secure authentication redirect. Default false. */ $secure = apply_filters( 'secure_auth_redirect', $secure ); // If https is required and request is http, redirect. if ( $secure && ! is_ssl() && str_contains( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) { if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) { wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) ); exit; } else { wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); exit; } } /** * Filters the authentication redirect scheme. * * @since 2.9.0 * * @param string $scheme Authentication redirect scheme. Default empty. */ $scheme = apply_filters( 'auth_redirect_scheme', '' ); $user_id = wp_validate_auth_cookie( '', $scheme ); if ( $user_id ) { /** * Fires before the authentication redirect. * * @since 2.8.0 * * @param int $user_id User ID. */ do_action( 'auth_redirect', $user_id ); // If the user wants ssl but the session is not ssl, redirect. if ( ! $secure && get_user_option( 'use_ssl', $user_id ) && str_contains( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) { if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) { wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) ); exit; } else { wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); exit; } } return; // The cookie is good, so we're done. } // The cookie is no good, so force login. nocache_headers(); if ( str_contains( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) { $redirect = wp_get_referer(); } else { $redirect = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); } $login_url = wp_login_url( $redirect, true ); wp_redirect( $login_url ); exit; } endif; if ( ! function_exists( 'check_admin_referer' ) ) : /** * Ensures intent by verifying that a user was referred from another admin page with the correct security nonce. * * This function ensures the user intends to perform a given action, which helps protect against clickjacking style * attacks. It verifies intent, not authorization, therefore it does not verify the user's capabilities. This should * be performed with `current_user_can()` or similar. * * If the nonce value is invalid, the function will exit with an "Are You Sure?" style message. * * @since 1.2.0 * @since 2.5.0 The `$query_arg` parameter was added. * * @param int|string $action The nonce action. * @param string $query_arg Optional. Key to check for nonce in `$_REQUEST`. Default '_wpnonce'. * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago, * 2 if the nonce is valid and generated between 12-24 hours ago. * False if the nonce is invalid. */ function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) { if ( -1 === $action ) { _doing_it_wrong( __FUNCTION__, __( 'You should specify an action to be verified by using the first parameter.' ), '3.2.0' ); } $adminurl = strtolower( admin_url() ); $referer = strtolower( wp_get_referer() ); $result = isset( $_REQUEST[ $query_arg ] ) ? wp_verify_nonce( $_REQUEST[ $query_arg ], $action ) : false; /** * Fires once the admin request has been validated or not. * * @since 1.5.1 * * @param string $action The nonce action. * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. */ do_action( 'check_admin_referer', $action, $result ); if ( ! $result && ! ( -1 === $action && str_starts_with( $referer, $adminurl ) ) ) { wp_nonce_ays( $action ); die(); } return $result; } endif; if ( ! function_exists( 'check_ajax_referer' ) ) : /** * Verifies the Ajax request to prevent processing requests external of the blog. * * @since 2.0.3 * * @param int|string $action Action nonce. * @param false|string $query_arg Optional. Key to check for the nonce in `$_REQUEST` (since 2.5). If false, * `$_REQUEST` values will be evaluated for '_ajax_nonce', and '_wpnonce' * (in that order). Default false. * @param bool $stop Optional. Whether to stop early when the nonce cannot be verified. * Default true. * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago, * 2 if the nonce is valid and generated between 12-24 hours ago. * False if the nonce is invalid. */ function check_ajax_referer( $action = -1, $query_arg = false, $stop = true ) { if ( -1 === $action ) { _doing_it_wrong( __FUNCTION__, __( 'You should specify an action to be verified by using the first parameter.' ), '4.7.0' ); } $nonce = ''; if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) ) { $nonce = $_REQUEST[ $query_arg ]; } elseif ( isset( $_REQUEST['_ajax_nonce'] ) ) { $nonce = $_REQUEST['_ajax_nonce']; } elseif ( isset( $_REQUEST['_wpnonce'] ) ) { $nonce = $_REQUEST['_wpnonce']; } $result = wp_verify_nonce( $nonce, $action ); /** * Fires once the Ajax request has been validated or not. * * @since 2.1.0 * * @param string $action The Ajax nonce action. * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. */ do_action( 'check_ajax_referer', $action, $result ); if ( $stop && false === $result ) { if ( wp_doing_ajax() ) { wp_die( -1, 403 ); } else { die( '-1' ); } } return $result; } endif; if ( ! function_exists( 'wp_redirect' ) ) : /** * Redirects to another page. * * Note: wp_redirect() does not exit automatically, and should almost always be * followed by a call to `exit;`: * * wp_redirect( $url ); * exit; * * Exiting can also be selectively manipulated by using wp_redirect() as a conditional * in conjunction with the {@see 'wp_redirect'} and {@see 'wp_redirect_status'} filters: * * if ( wp_redirect( $url ) ) { * exit; * } * * @since 1.5.1 * @since 5.1.0 The `$x_redirect_by` parameter was added. * @since 5.4.0 On invalid status codes, wp_die() is called. * * @global bool $is_IIS * * @param string $location The path or URL to redirect to. * @param int $status Optional. HTTP response status code to use. Default '302' (Moved Temporarily). * @param string|false $x_redirect_by Optional. The application doing the redirect or false to omit. Default 'WordPress'. * @return bool False if the redirect was canceled, true otherwise. */ function wp_redirect( $location, $status = 302, $x_redirect_by = 'WordPress' ) { global $is_IIS; /** * Filters the redirect location. * * @since 2.1.0 * * @param string $location The path or URL to redirect to. * @param int $status The HTTP response status code to use. */ $location = apply_filters( 'wp_redirect', $location, $status ); /** * Filters the redirect HTTP response status code to use. * * @since 2.3.0 * * @param int $status The HTTP response status code to use. * @param string $location The path or URL to redirect to. */ $status = apply_filters( 'wp_redirect_status', $status, $location ); if ( ! $location ) { return false; } if ( $status < 300 || 399 < $status ) { wp_die( __( 'HTTP redirect status code must be a redirection code, 3xx.' ) ); } $location = wp_sanitize_redirect( $location ); if ( ! $is_IIS && 'cgi-fcgi' !== PHP_SAPI ) { status_header( $status ); // This causes problems on IIS and some FastCGI setups. } /** * Filters the X-Redirect-By header. * * Allows applications to identify themselves when they're doing a redirect. * * @since 5.1.0 * * @param string|false $x_redirect_by The application doing the redirect or false to omit the header. * @param int $status Status code to use. * @param string $location The path to redirect to. */ $x_redirect_by = apply_filters( 'x_redirect_by', $x_redirect_by, $status, $location ); if ( is_string( $x_redirect_by ) ) { header( "X-Redirect-By: $x_redirect_by" ); } header( "Location: $location", true, $status ); return true; } endif; if ( ! function_exists( 'wp_sanitize_redirect' ) ) : /** * Sanitizes a URL for use in a redirect. * * @since 2.3.0 * * @param string $location The path to redirect to. * @return string Redirect-sanitized URL. */ function wp_sanitize_redirect( $location ) { // Encode spaces. $location = str_replace( ' ', '%20', $location ); $regex = '/ ( (?: [\xC2-\xDF][\x80-\xBF] # double-byte sequences 110xxxxx 10xxxxxx | \xE0[\xA0-\xBF][\x80-\xBF] # triple-byte sequences 1110xxxx 10xxxxxx * 2 | [\xE1-\xEC][\x80-\xBF]{2} | \xED[\x80-\x9F][\x80-\xBF] | [\xEE-\xEF][\x80-\xBF]{2} | \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences 11110xxx 10xxxxxx * 3 | [\xF1-\xF3][\x80-\xBF]{3} | \xF4[\x80-\x8F][\x80-\xBF]{2} ){1,40} # ...one or more times )/x'; $location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location ); $location = preg_replace( '|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location ); $location = wp_kses_no_null( $location ); // Remove %0D and %0A from location. $strip = array( '%0d', '%0a', '%0D', '%0A' ); return _deep_replace( $strip, $location ); } /** * URL encodes UTF-8 characters in a URL. * * @ignore * @since 4.2.0 * @access private * * @see wp_sanitize_redirect() * * @param array $matches RegEx matches against the redirect location. * @return string URL-encoded version of the first RegEx match. */ function _wp_sanitize_utf8_in_redirect( $matches ) { return urlencode( $matches[0] ); } endif; if ( ! function_exists( 'wp_safe_redirect' ) ) : /** * Performs a safe (local) redirect, using wp_redirect(). * * Checks whether the $location is using an allowed host, if it has an absolute * path. A plugin can therefore set or remove allowed host(s) to or from the * list. * * If the host is not allowed, then the redirect defaults to wp-admin on the siteurl * instead. This prevents malicious redirects which redirect to another host, * but only used in a few places. * * Note: wp_safe_redirect() does not exit automatically, and should almost always be * followed by a call to `exit;`: * * wp_safe_redirect( $url ); * exit; * * Exiting can also be selectively manipulated by using wp_safe_redirect() as a conditional * in conjunction with the {@see 'wp_redirect'} and {@see 'wp_redirect_status'} filters: * * if ( wp_safe_redirect( $url ) ) { * exit; * } * * @since 2.3.0 * @since 5.1.0 The return value from wp_redirect() is now passed on, and the `$x_redirect_by` parameter was added. * * @param string $location The path or URL to redirect to. * @param int $status Optional. HTTP response status code to use. Default '302' (Moved Temporarily). * @param string|false $x_redirect_by Optional. The application doing the redirect or false to omit. Default 'WordPress'. * @return bool False if the redirect was canceled, true otherwise. */ function wp_safe_redirect( $location, $status = 302, $x_redirect_by = 'WordPress' ) { // Need to look at the URL the way it will end up in wp_redirect(). $location = wp_sanitize_redirect( $location ); /** * Filters the redirect fallback URL for when the provided redirect is not safe (local). * * @since 4.3.0 * * @param string $fallback_url The fallback URL to use by default. * @param int $status The HTTP response status code to use. */ $fallback_url = apply_filters( 'wp_safe_redirect_fallback', admin_url(), $status ); $location = wp_validate_redirect( $location, $fallback_url ); return wp_redirect( $location, $status, $x_redirect_by ); } endif; if ( ! function_exists( 'wp_validate_redirect' ) ) : /** * Validates a URL for use in a redirect. * * Checks whether the $location is using an allowed host, if it has an absolute * path. A plugin can therefore set or remove allowed host(s) to or from the * list. * * If the host is not allowed, then the redirect is to $fallback_url supplied. * * @since 2.8.1 * * @param string $location The redirect to validate. * @param string $fallback_url The value to return if $location is not allowed. * @return string Redirect-sanitized URL. */ function wp_validate_redirect( $location, $fallback_url = '' ) { $location = wp_sanitize_redirect( trim( $location, " \t\n\r\0\x08\x0B" ) ); // Browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'. if ( str_starts_with( $location, '//' ) ) { $location = 'http:' . $location; } /* * In PHP 5 parse_url() may fail if the URL query part contains 'http://'. * See https://bugs.php.net/bug.php?id=38143 */ $cut = strpos( $location, '?' ); $test = $cut ? substr( $location, 0, $cut ) : $location; $lp = parse_url( $test ); // Give up if malformed URL. if ( false === $lp ) { return $fallback_url; } // Allow only 'http' and 'https' schemes. No 'data:', etc. if ( isset( $lp['scheme'] ) && ! ( 'http' === $lp['scheme'] || 'https' === $lp['scheme'] ) ) { return $fallback_url; } if ( ! isset( $lp['host'] ) && ! empty( $lp['path'] ) && '/' !== $lp['path'][0] ) { $path = ''; if ( ! empty( $_SERVER['REQUEST_URI'] ) ) { $path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' ); $path = wp_normalize_path( $path ); } $location = '/' . ltrim( $path . '/', '/' ) . $location; } /* * Reject if certain components are set but host is not. * This catches URLs like https:host.com for which parse_url() does not set the host field. */ if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) { return $fallback_url; } // Reject malformed components parse_url() can return on odd inputs. foreach ( array( 'user', 'pass', 'host' ) as $component ) { if ( isset( $lp[ $component ] ) && strpbrk( $lp[ $component ], ':/?#@' ) ) { return $fallback_url; } } $wpp = parse_url( home_url() ); /** * Filters the list of allowed hosts to redirect to. * * @since 2.3.0 * * @param string[] $hosts An array of allowed host names. * @param string $host The host name of the redirect destination; empty string if not set. */ $allowed_hosts = (array) apply_filters( 'allowed_redirect_hosts', array( $wpp['host'] ), isset( $lp['host'] ) ? $lp['host'] : '' ); if ( isset( $lp['host'] ) && ( ! in_array( $lp['host'], $allowed_hosts, true ) && strtolower( $wpp['host'] ) !== $lp['host'] ) ) { $location = $fallback_url; } return $location; } endif; if ( ! function_exists( 'wp_notify_postauthor' ) ) : /** * Notifies an author (and/or others) of a comment/trackback/pingback on a post. * * @since 1.0.0 * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. * @param string $deprecated Not used. * @return bool True on completion. False if no email addresses were specified. */ function wp_notify_postauthor( $comment_id, $deprecated = null ) { if ( null !== $deprecated ) { _deprecated_argument( __FUNCTION__, '3.8.0' ); } $comment = get_comment( $comment_id ); if ( empty( $comment ) || empty( $comment->comment_post_ID ) ) { return false; } $post = get_post( $comment->comment_post_ID ); $author = get_userdata( $post->post_author ); // Who to notify? By default, just the post author, but others can be added. $emails = array(); if ( $author ) { $emails[] = $author->user_email; } /** * Filters the list of email addresses to receive a comment notification. * * By default, only post authors are notified of comments. This filter allows * others to be added. * * @since 3.7.0 * * @param string[] $emails An array of email addresses to receive a comment notification. * @param string $comment_id The comment ID as a numeric string. */ $emails = apply_filters( 'comment_notification_recipients', $emails, $comment->comment_ID ); $emails = array_filter( $emails ); // If there are no addresses to send the comment to, bail. if ( ! count( $emails ) ) { return false; } // Facilitate unsetting below without knowing the keys. $emails = array_flip( $emails ); /** * Filters whether to notify comment authors of their comments on their own posts. * * By default, comment authors aren't notified of their comments on their own * posts. This filter allows you to override that. * * @since 3.8.0 * * @param bool $notify Whether to notify the post author of their own comment. * Default false. * @param string $comment_id The comment ID as a numeric string. */ $notify_author = apply_filters( 'comment_notification_notify_author', false, $comment->comment_ID ); // The comment was left by the author. if ( $author && ! $notify_author && (int) $comment->user_id === (int) $post->post_author ) { unset( $emails[ $author->user_email ] ); } // The author moderated a comment on their own post. if ( $author && ! $notify_author && get_current_user_id() === (int) $post->post_author ) { unset( $emails[ $author->user_email ] ); } // The post author is no longer a member of the blog. if ( $author && ! $notify_author && ! user_can( $post->post_author, 'read_post', $post->ID ) ) { unset( $emails[ $author->user_email ] ); } // If there's no email to send the comment to, bail, otherwise flip array back around for use below. if ( ! count( $emails ) ) { return false; } else { $emails = array_flip( $emails ); } $comment_author_domain = ''; if ( WP_Http::is_ip_address( $comment->comment_author_IP ) ) { $comment_author_domain = gethostbyaddr( $comment->comment_author_IP ); } /* * The blogname option is escaped with esc_html() on the way into the database in sanitize_option(). * We want to reverse this for the plain text arena of emails. */ $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); $comment_content = wp_specialchars_decode( $comment->comment_content ); $wp_email = 'wordpress@' . preg_replace( '#^www\.#', '', wp_parse_url( network_home_url(), PHP_URL_HOST ) ); if ( '' === $comment->comment_author ) { $from = "From: \"$blogname\" <$wp_email>"; if ( '' !== $comment->comment_author_email ) { $reply_to = "Reply-To: $comment->comment_author_email"; } } else { $from = "From: \"$comment->comment_author\" <$wp_email>"; if ( '' !== $comment->comment_author_email ) { $reply_to = "Reply-To: \"$comment->comment_author_email\" <$comment->comment_author_email>"; } } $message_headers = "$from\n" . 'Content-Type: text/plain; charset="' . get_option( 'blog_charset' ) . "\"\n"; if ( isset( $reply_to ) ) { $message_headers .= $reply_to . "\n"; } /** * Filters the comment notification email headers. * * @since 1.5.2 * * @param string $message_headers Headers for the comment notification email. * @param string $comment_id Comment ID as a numeric string. */ $message_headers = apply_filters( 'comment_notification_headers', $message_headers, $comment->comment_ID ); foreach ( $emails as $email ) { $user = get_user_by( 'email', $email ); if ( $user ) { $switched_locale = switch_to_user_locale( $user->ID ); } else { $switched_locale = switch_to_locale( get_locale() ); } switch ( $comment->comment_type ) { case 'trackback': /* translators: %s: Post title. */ $notify_message = sprintf( __( 'New trackback on your post "%s"' ), $post->post_title ) . "\r\n"; /* translators: 1: Trackback/pingback website name, 2: Website IP address, 3: Website hostname. */ $notify_message .= sprintf( __( 'Website: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; /* translators: %s: Trackback/pingback/comment author URL. */ $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n"; /* translators: %s: Comment text. */ $notify_message .= sprintf( __( 'Comment: %s' ), "\r\n" . $comment_content ) . "\r\n\r\n"; $notify_message .= __( 'You can see all trackbacks on this post here:' ) . "\r\n"; /* translators: Trackback notification email subject. 1: Site title, 2: Post title. */ $subject = sprintf( __( '[%1$s] Trackback: "%2$s"' ), $blogname, $post->post_title ); break; case 'pingback': /* translators: %s: Post title. */ $notify_message = sprintf( __( 'New pingback on your post "%s"' ), $post->post_title ) . "\r\n"; /* translators: 1: Trackback/pingback website name, 2: Website IP address, 3: Website hostname. */ $notify_message .= sprintf( __( 'Website: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; /* translators: %s: Trackback/pingback/comment author URL. */ $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n"; /* translators: %s: Comment text. */ $notify_message .= sprintf( __( 'Comment: %s' ), "\r\n" . $comment_content ) . "\r\n\r\n"; $notify_message .= __( 'You can see all pingbacks on this post here:' ) . "\r\n"; /* translators: Pingback notification email subject. 1: Site title, 2: Post title. */ $subject = sprintf( __( '[%1$s] Pingback: "%2$s"' ), $blogname, $post->post_title ); break; case 'note': /* translators: %s: Post title. */ $notify_message = sprintf( __( 'New note on your post "%s"' ), $post->post_title ) . "\r\n"; /* translators: 1: Note author's name, 2: Note author's IP address, 3: Note author's hostname. */ $notify_message .= sprintf( __( 'Author: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; /* translators: %s: Note author email. */ $notify_message .= sprintf( __( 'Email: %s' ), $comment->comment_author_email ) . "\r\n"; /* translators: %s: Note text. */ $notify_message .= sprintf( __( 'Note: %s' ), "\r\n" . ( empty( $comment_content ) ? __( 'resolved/reopened' ) : $comment_content ) ) . "\r\n\r\n"; $notify_message .= __( 'You can see all notes on this post here:' ) . "\r\n"; /* translators: Note notification email subject. 1: Site title, 2: Post title. */ $subject = sprintf( __( '[%1$s] Note: "%2$s"' ), $blogname, $post->post_title ); break; default: // Comments. /* translators: %s: Post title. */ $notify_message = sprintf( __( 'New comment on your post "%s"' ), $post->post_title ) . "\r\n"; /* translators: 1: Comment author's name, 2: Comment author's IP address, 3: Comment author's hostname. */ $notify_message .= sprintf( __( 'Author: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; /* translators: %s: Comment author email. */ $notify_message .= sprintf( __( 'Email: %s' ), $comment->comment_author_email ) . "\r\n"; /* translators: %s: Trackback/pingback/comment author URL. */ $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n"; if ( $comment->comment_parent && user_can( $post->post_author, 'edit_comment', $comment->comment_parent ) ) { /* translators: Comment moderation. %s: Parent comment edit URL. */ $notify_message .= sprintf( __( 'In reply to: %s' ), admin_url( "comment.php?action=editcomment&c={$comment->comment_parent}#wpbody-content" ) ) . "\r\n"; } /* translators: %s: Comment text. */ $notify_message .= sprintf( __( 'Comment: %s' ), "\r\n" . $comment_content ) . "\r\n\r\n"; $notify_message .= __( 'You can see all comments on this post here:' ) . "\r\n"; /* translators: Comment notification email subject. 1: Site title, 2: Post title. */ $subject = sprintf( __( '[%1$s] Comment: "%2$s"' ), $blogname, $post->post_title ); break; } /* translators: %s: Comment URL. */ if ( 'note' === $comment->comment_type ) { $notify_message .= get_edit_post_link( $comment->comment_post_ID, 'url' ) . "\r\n"; } else { $notify_message .= get_permalink( $comment->comment_post_ID ) . "#comments\r\n\r\n"; $notify_message .= sprintf( __( 'Permalink: %s' ), get_comment_link( $comment ) ) . "\r\n"; } if ( 'note' !== $comment->comment_type && user_can( $post->post_author, 'edit_comment', $comment->comment_ID ) ) { if ( EMPTY_TRASH_DAYS ) { /* translators: Comment moderation. %s: Comment action URL. */ $notify_message .= sprintf( __( 'Trash it: %s' ), admin_url( "comment.php?action=trash&c={$comment->comment_ID}#wpbody-content" ) ) . "\r\n"; } else { /* translators: Comment moderation. %s: Comment action URL. */ $notify_message .= sprintf( __( 'Delete it: %s' ), admin_url( "comment.php?action=delete&c={$comment->comment_ID}#wpbody-content" ) ) . "\r\n"; } /* translators: Comment moderation. %s: Comment action URL. */ $notify_message .= sprintf( __( 'Spam it: %s' ), admin_url( "comment.php?action=spam&c={$comment->comment_ID}#wpbody-content" ) ) . "\r\n"; } /** * Filters the comment notification email text. * * @since 1.5.2 * * @param string $notify_message The comment notification email text. * @param string $comment_id Comment ID as a numeric string. */ $notify_message = apply_filters( 'comment_notification_text', $notify_message, $comment->comment_ID ); /** * Filters the comment notification email subject. * * @since 1.5.2 * * @param string $subject The comment notification email subject. * @param string $comment_id Comment ID as a numeric string. */ $subject = apply_filters( 'comment_notification_subject', $subject, $comment->comment_ID ); wp_mail( $email, wp_specialchars_decode( $subject ), $notify_message, $message_headers ); if ( $switched_locale ) { restore_previous_locale(); } } return true; } endif; if ( ! function_exists( 'wp_notify_moderator' ) ) : /** * Notifies the moderator of the site about a new comment that is awaiting approval. * * @since 1.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * Uses the {@see 'notify_moderator'} filter to determine whether the site moderator * should be notified, overriding the site setting. * * @param int $comment_id Comment ID. * @return true Always returns true. */ function wp_notify_moderator( $comment_id ) { global $wpdb; $maybe_notify = get_option( 'moderation_notify' ); /** * Filters whether to send the site moderator email notifications, overriding the site setting. * * @since 4.4.0 * * @param bool $maybe_notify Whether to notify blog moderator. * @param int $comment_id The ID of the comment for the notification. */ $maybe_notify = apply_filters( 'notify_moderator', $maybe_notify, $comment_id ); if ( ! $maybe_notify ) { return true; } $comment = get_comment( $comment_id ); $post = get_post( $comment->comment_post_ID ); $user = get_userdata( $post->post_author ); // Send to the administration and to the post author if the author can modify the comment. $emails = array( get_option( 'admin_email' ) ); if ( $user && user_can( $user->ID, 'edit_comment', $comment_id ) && ! empty( $user->user_email ) ) { if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) { $emails[] = $user->user_email; } } $comment_author_domain = ''; if ( WP_Http::is_ip_address( $comment->comment_author_IP ) ) { $comment_author_domain = gethostbyaddr( $comment->comment_author_IP ); } $comments_waiting = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0'" ); /* * The blogname option is escaped with esc_html() on the way into the database in sanitize_option(). * We want to reverse this for the plain text arena of emails. */ $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); $comment_content = wp_specialchars_decode( $comment->comment_content ); $message_headers = ''; /** * Filters the list of recipients for comment moderation emails. * * @since 3.7.0 * * @param string[] $emails List of email addresses to notify for comment moderation. * @param int $comment_id Comment ID. */ $emails = apply_filters( 'comment_moderation_recipients', $emails, $comment_id ); /** * Filters the comment moderation email headers. * * @since 2.8.0 * * @param string $message_headers Headers for the comment moderation email. * @param int $comment_id Comment ID. */ $message_headers = apply_filters( 'comment_moderation_headers', $message_headers, $comment_id ); foreach ( $emails as $email ) { $user = get_user_by( 'email', $email ); if ( $user ) { $switched_locale = switch_to_user_locale( $user->ID ); } else { $switched_locale = switch_to_locale( get_locale() ); } switch ( $comment->comment_type ) { case 'trackback': /* translators: %s: Post title. */ $notify_message = sprintf( __( 'A new trackback on the post "%s" is waiting for your approval' ), $post->post_title ) . "\r\n"; $notify_message .= get_permalink( $comment->comment_post_ID ) . "\r\n\r\n"; /* translators: 1: Trackback/pingback website name, 2: Website IP address, 3: Website hostname. */ $notify_message .= sprintf( __( 'Website: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; /* translators: %s: Trackback/pingback/comment author URL. */ $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n"; $notify_message .= __( 'Trackback excerpt: ' ) . "\r\n" . $comment_content . "\r\n\r\n"; break; case 'pingback': /* translators: %s: Post title. */ $notify_message = sprintf( __( 'A new pingback on the post "%s" is waiting for your approval' ), $post->post_title ) . "\r\n"; $notify_message .= get_permalink( $comment->comment_post_ID ) . "\r\n\r\n"; /* translators: 1: Trackback/pingback website name, 2: Website IP address, 3: Website hostname. */ $notify_message .= sprintf( __( 'Website: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; /* translators: %s: Trackback/pingback/comment author URL. */ $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n"; $notify_message .= __( 'Pingback excerpt: ' ) . "\r\n" . $comment_content . "\r\n\r\n"; break; default: // Comments. /* translators: %s: Post title. */ $notify_message = sprintf( __( 'A new comment on the post "%s" is waiting for your approval' ), $post->post_title ) . "\r\n"; $notify_message .= get_permalink( $comment->comment_post_ID ) . "\r\n\r\n"; /* translators: 1: Comment author's name, 2: Comment author's IP address, 3: Comment author's hostname. */ $notify_message .= sprintf( __( 'Author: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; /* translators: %s: Comment author email. */ $notify_message .= sprintf( __( 'Email: %s' ), $comment->comment_author_email ) . "\r\n"; /* translators: %s: Trackback/pingback/comment author URL. */ $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n"; if ( $comment->comment_parent ) { /* translators: Comment moderation. %s: Parent comment edit URL. */ $notify_message .= sprintf( __( 'In reply to: %s' ), admin_url( "comment.php?action=editcomment&c={$comment->comment_parent}#wpbody-content" ) ) . "\r\n"; } /* translators: %s: Comment text. */ $notify_message .= sprintf( __( 'Comment: %s' ), "\r\n" . $comment_content ) . "\r\n\r\n"; break; } /* translators: Comment moderation. %s: Comment action URL. */ $notify_message .= sprintf( __( 'Approve it: %s' ), admin_url( "comment.php?action=approve&c={$comment_id}#wpbody-content" ) ) . "\r\n"; if ( EMPTY_TRASH_DAYS ) { /* translators: Comment moderation. %s: Comment action URL. */ $notify_message .= sprintf( __( 'Trash it: %s' ), admin_url( "comment.php?action=trash&c={$comment_id}#wpbody-content" ) ) . "\r\n"; } else { /* translators: Comment moderation. %s: Comment action URL. */ $notify_message .= sprintf( __( 'Delete it: %s' ), admin_url( "comment.php?action=delete&c={$comment_id}#wpbody-content" ) ) . "\r\n"; } /* translators: Comment moderation. %s: Comment action URL. */ $notify_message .= sprintf( __( 'Spam it: %s' ), admin_url( "comment.php?action=spam&c={$comment_id}#wpbody-content" ) ) . "\r\n"; $notify_message .= sprintf( /* translators: Comment moderation. %s: Number of comments awaiting approval. */ _n( 'Currently %s comment is waiting for approval. Please visit the moderation panel:', 'Currently %s comments are waiting for approval. Please visit the moderation panel:', $comments_waiting ), number_format_i18n( $comments_waiting ) ) . "\r\n"; $notify_message .= admin_url( 'edit-comments.php?comment_status=moderated#wpbody-content' ) . "\r\n"; /* translators: Comment moderation notification email subject. 1: Site title, 2: Post title. */ $subject = sprintf( __( '[%1$s] Please moderate: "%2$s"' ), $blogname, $post->post_title ); /** * Filters the comment moderation email text. * * @since 1.5.2 * * @param string $notify_message Text of the comment moderation email. * @param int $comment_id Comment ID. */ $notify_message = apply_filters( 'comment_moderation_text', $notify_message, $comment_id ); /** * Filters the comment moderation email subject. * * @since 1.5.2 * * @param string $subject Subject of the comment moderation email. * @param int $comment_id Comment ID. */ $subject = apply_filters( 'comment_moderation_subject', $subject, $comment_id ); wp_mail( $email, wp_specialchars_decode( $subject ), $notify_message, $message_headers ); if ( $switched_locale ) { restore_previous_locale(); } } return true; } endif; if ( ! function_exists( 'wp_password_change_notification' ) ) : /** * Notifies the blog admin of a user changing password, normally via email. * * @since 2.7.0 * * @param WP_User $user User object. */ function wp_password_change_notification( $user ) { /* * Send a copy of password change notification to the admin, * but check to see if it's the admin whose password we're changing, and skip this. */ if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) { $admin_user = get_user_by( 'email', get_option( 'admin_email' ) ); if ( $admin_user ) { $switched_locale = switch_to_user_locale( $admin_user->ID ); } else { $switched_locale = switch_to_locale( get_locale() ); } /* translators: %s: User name. */ $message = sprintf( __( 'Password changed for user: %s' ), $user->user_login ) . "\r\n"; /* * The blogname option is escaped with esc_html() on the way into the database in sanitize_option(). * We want to reverse this for the plain text arena of emails. */ $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); $wp_password_change_notification_email = array( 'to' => get_option( 'admin_email' ), /* translators: Password change notification email subject. %s: Site title. */ 'subject' => __( '[%s] Password Changed' ), 'message' => $message, 'headers' => '', ); /** * Filters the contents of the password change notification email sent to the site admin. * * @since 4.9.0 * * @param array $wp_password_change_notification_email { * Used to build wp_mail(). * * @type string $to The intended recipient - site admin email address. * @type string $subject The subject of the email. * @type string $message The body of the email. * @type string $headers The headers of the email. * } * @param WP_User $user User object for user whose password was changed. * @param string $blogname The site title. */ $wp_password_change_notification_email = apply_filters( 'wp_password_change_notification_email', $wp_password_change_notification_email, $user, $blogname ); wp_mail( $wp_password_change_notification_email['to'], wp_specialchars_decode( sprintf( $wp_password_change_notification_email['subject'], $blogname ) ), $wp_password_change_notification_email['message'], $wp_password_change_notification_email['headers'] ); if ( $switched_locale ) { restore_previous_locale(); } } } endif; if ( ! function_exists( 'wp_new_user_notification' ) ) : /** * Emails login credentials to a newly-registered user. * * A new user registration notification is also sent to admin email. * * @since 2.0.0 * @since 4.3.0 The `$plaintext_pass` parameter was changed to `$notify`. * @since 4.3.1 The `$plaintext_pass` parameter was deprecated. `$notify` added as a third parameter. * @since 4.6.0 The `$notify` parameter accepts 'user' for sending notification only to the user created. * * @param int $user_id User ID. * @param null $deprecated Not used (argument deprecated). * @param string $notify Optional. Type of notification that should happen. Accepts 'admin' or an empty * string (admin only), 'user', or 'both' (admin and user). Default empty. */ function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' ) { if ( null !== $deprecated ) { _deprecated_argument( __FUNCTION__, '4.3.1' ); } // Accepts only 'user', 'admin' , 'both' or default '' as $notify. if ( ! in_array( $notify, array( 'user', 'admin', 'both', '' ), true ) ) { return; } $user = get_userdata( $user_id ); /* * The blogname option is escaped with esc_html() on the way into the database in sanitize_option(). * We want to reverse this for the plain text arena of emails. */ $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); /** * Filters whether the admin is notified of a new user registration. * * @since 6.1.0 * * @param bool $send Whether to send the email. Default true. * @param WP_User $user User object for new user. */ $send_notification_to_admin = apply_filters( 'wp_send_new_user_notification_to_admin', true, $user ); if ( 'user' !== $notify && true === $send_notification_to_admin ) { $admin_user = get_user_by( 'email', get_option( 'admin_email' ) ); if ( $admin_user ) { $switched_locale = switch_to_user_locale( $admin_user->ID ); } else { $switched_locale = switch_to_locale( get_locale() ); } /* translators: %s: Site title. */ $message = sprintf( __( 'New user registration on your site %s:' ), $blogname ) . "\r\n\r\n"; /* translators: %s: User login. */ $message .= sprintf( __( 'Username: %s' ), $user->user_login ) . "\r\n\r\n"; /* translators: %s: User email address. */ $message .= sprintf( __( 'Email: %s' ), $user->user_email ) . "\r\n"; $wp_new_user_notification_email_admin = array( 'to' => get_option( 'admin_email' ), /* translators: New user registration notification email subject. %s: Site title. */ 'subject' => __( '[%s] New User Registration' ), 'message' => $message, 'headers' => '', ); /** * Filters the contents of the new user notification email sent to the site admin. * * @since 4.9.0 * * @param array $wp_new_user_notification_email_admin { * Used to build wp_mail(). * * @type string $to The intended recipient - site admin email address. * @type string $subject The subject of the email. * @type string $message The body of the email. * @type string $headers The headers of the email. * } * @param WP_User $user User object for new user. * @param string $blogname The site title. */ $wp_new_user_notification_email_admin = apply_filters( 'wp_new_user_notification_email_admin', $wp_new_user_notification_email_admin, $user, $blogname ); wp_mail( $wp_new_user_notification_email_admin['to'], wp_specialchars_decode( sprintf( $wp_new_user_notification_email_admin['subject'], $blogname ) ), $wp_new_user_notification_email_admin['message'], $wp_new_user_notification_email_admin['headers'] ); if ( $switched_locale ) { restore_previous_locale(); } } /** * Filters whether the user is notified of their new user registration. * * @since 6.1.0 * * @param bool $send Whether to send the email. Default true. * @param WP_User $user User object for new user. */ $send_notification_to_user = apply_filters( 'wp_send_new_user_notification_to_user', true, $user ); // `$deprecated` was pre-4.3 `$plaintext_pass`. An empty `$plaintext_pass` didn't sent a user notification. if ( 'admin' === $notify || true !== $send_notification_to_user || ( empty( $deprecated ) && empty( $notify ) ) ) { return; } $key = get_password_reset_key( $user ); if ( is_wp_error( $key ) ) { return; } $switched_locale = switch_to_user_locale( $user_id ); /* translators: %s: User login. */ $message = sprintf( __( 'Username: %s' ), $user->user_login ) . "\r\n\r\n"; $message .= __( 'To set your password, visit the following address:' ) . "\r\n\r\n"; /* * Since some user login names end in a period, this could produce ambiguous URLs that * end in a period. To avoid the ambiguity, ensure that the login is not the last query * arg in the URL. If moving it to the end, a trailing period will need to be escaped. * * @see https://core.trac.wordpress.org/tickets/42957 */ $message .= network_site_url( 'wp-login.php?login=' . rawurlencode( $user->user_login ) . "&key=$key&action=rp", 'login' ) . "\r\n\r\n"; $message .= wp_login_url() . "\r\n"; $wp_new_user_notification_email = array( 'to' => $user->user_email, /* translators: Login details notification email subject. %s: Site title. */ 'subject' => __( '[%s] Login Details' ), 'message' => $message, 'headers' => '', ); /** * Filters the contents of the new user notification email sent to the new user. * * @since 4.9.0 * * @param array $wp_new_user_notification_email { * Used to build wp_mail(). * * @type string $to The intended recipient - New user email address. * @type string $subject The subject of the email. * @type string $message The body of the email. * @type string $headers The headers of the email. * } * @param WP_User $user User object for new user. * @param string $blogname The site title. */ $wp_new_user_notification_email = apply_filters( 'wp_new_user_notification_email', $wp_new_user_notification_email, $user, $blogname ); wp_mail( $wp_new_user_notification_email['to'], wp_specialchars_decode( sprintf( $wp_new_user_notification_email['subject'], $blogname ) ), $wp_new_user_notification_email['message'], $wp_new_user_notification_email['headers'] ); if ( $switched_locale ) { restore_previous_locale(); } } endif; if ( ! function_exists( 'wp_nonce_tick' ) ) : /** * Returns the time-dependent variable for nonce creation. * * A nonce has a lifespan of two ticks. Nonces in their second tick may be * updated, e.g. by autosave. * * @since 2.5.0 * @since 6.1.0 Added `$action` argument. * * @param string|int $action Optional. The nonce action. Default -1. * @return float Float value rounded up to the next highest integer. */ function wp_nonce_tick( $action = -1 ) { /** * Filters the lifespan of nonces in seconds. * * @since 2.5.0 * @since 6.1.0 Added `$action` argument to allow for more targeted filters. * * @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day. * @param string|int $action The nonce action, or -1 if none was provided. */ $nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS, $action ); return ceil( time() / ( $nonce_life / 2 ) ); } endif; if ( ! function_exists( 'wp_verify_nonce' ) ) : /** * Verifies that a correct security nonce was used with time limit. * * A nonce is valid for between 12 and 24 hours (by default). * * @since 2.0.3 * * @param string $nonce Nonce value that was used for verification, usually via a form field. * @param string|int $action Should give context to what is taking place and be the same when nonce was created. * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago, * 2 if the nonce is valid and generated between 12-24 hours ago. * False if the nonce is invalid. */ function wp_verify_nonce( $nonce, $action = -1 ) { $nonce = (string) $nonce; $user = wp_get_current_user(); $uid = (int) $user->ID; if ( ! $uid ) { /** * Filters whether the user who generated the nonce is logged out. * * @since 3.5.0 * * @param int $uid ID of the nonce-owning user. * @param string|int $action The nonce action, or -1 if none was provided. */ $uid = apply_filters( 'nonce_user_logged_out', $uid, $action ); } if ( empty( $nonce ) ) { return false; } $token = wp_get_session_token(); $i = wp_nonce_tick( $action ); // Nonce generated 0-12 hours ago. $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ); if ( hash_equals( $expected, $nonce ) ) { return 1; } // Nonce generated 12-24 hours ago. $expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ); if ( hash_equals( $expected, $nonce ) ) { return 2; } /** * Fires when nonce verification fails. * * @since 4.4.0 * * @param string $nonce The invalid nonce. * @param string|int $action The nonce action. * @param WP_User $user The current user object. * @param string $token The user's session token. */ do_action( 'wp_verify_nonce_failed', $nonce, $action, $user, $token ); // Invalid nonce. return false; } endif; if ( ! function_exists( 'wp_create_nonce' ) ) : /** * Creates a cryptographic token tied to a specific action, user, user session, * and window of time. * * @since 2.0.3 * @since 4.0.0 Session tokens were integrated with nonce creation. * * @param string|int $action Scalar value to add context to the nonce. * @return string The token. */ function wp_create_nonce( $action = -1 ) { $user = wp_get_current_user(); $uid = (int) $user->ID; if ( ! $uid ) { /** This filter is documented in wp-includes/pluggable.php */ $uid = apply_filters( 'nonce_user_logged_out', $uid, $action ); } $token = wp_get_session_token(); $i = wp_nonce_tick( $action ); return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ); } endif; if ( ! function_exists( 'wp_salt' ) ) : /** * Returns a salt to add to hashes. * * Salts are created using secret keys. Secret keys are located in two places: * in the database and in the wp-config.php file. The secret key in the database * is randomly generated and will be appended to the secret keys in wp-config.php. * * The secret keys in wp-config.php should be updated to strong, random keys to maximize * security. Below is an example of how the secret key constants are defined. * Do not paste this example directly into wp-config.php. Instead, have a * {@link https://api.wordpress.org/secret-key/1.1/salt/ secret key created} just * for you. * * define('AUTH_KEY', ' Xakm<o xQy rw4EMsLKM-?!T+,PFF})H4lzcW57AF0U@N@< >M%G4Yt>f`z]MON'); * define('SECURE_AUTH_KEY', 'LzJ}op]mr|6+![P}Ak:uNdJCJZd>(Hx.-Mh#Tz)pCIU#uGEnfFz|f ;;eU%/U^O~'); * define('LOGGED_IN_KEY', '|i|Ux`9<p-h$aFf(qnT:sDO:D1P^wZ$$/Ra@miTJi9G;ddp_<q}6H1)o|a +&JCM'); * define('NONCE_KEY', '%:R{[P|,s.KuMltH5}cI;/k<Gx~j!f0I)m_sIyu+&NJZ)-iO>z7X>QYR0Z_XnZ@|'); * define('AUTH_SALT', 'eZyT)-Naw]F8CwA*VaW#q*|.)g@o}||wf~@C-YSt}(dh_r6EbI#A,y|nU2{B#JBW'); * define('SECURE_AUTH_SALT', '!=oLUTXh,QW=H `}`L|9/^4-3 STz},T(w}W<I`.JjPi)<Bmf1v,HpGe}T1:Xt7n'); * define('LOGGED_IN_SALT', '+XSqHc;@Q*K_b|Z?NC[3H!!EONbh.n<+=uKR:>*c(u`g~EJBf#8u#R{mUEZrozmm'); * define('NONCE_SALT', 'h`GXHhD>SLWVfg1(1(N{;.V!MoE(SfbA_ksP@&`+AycHcAV$+?@3q+rxV{%^VyKT'); * * Salting passwords helps against tools which has stored hashed values of * common dictionary strings. The added values makes it harder to crack. * * @since 2.5.0 * * @link https://api.wordpress.org/secret-key/1.1/salt/ Create secrets for wp-config.php * * @param string $scheme Authentication scheme (auth, secure_auth, logged_in, nonce). * @return string Salt value */ function wp_salt( $scheme = 'auth' ) { static $cached_salts = array(); if ( isset( $cached_salts[ $scheme ] ) ) { /** * Filters the WordPress salt. * * @since 2.5.0 * * @param string $cached_salt Cached salt for the given scheme. * @param string $scheme Authentication scheme. Values include 'auth', * 'secure_auth', 'logged_in', and 'nonce'. */ return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme ); } static $duplicated_keys; if ( null === $duplicated_keys ) { $duplicated_keys = array(); foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) { foreach ( array( 'KEY', 'SALT' ) as $second ) { if ( ! defined( "{$first}_{$second}" ) ) { continue; } $value = constant( "{$first}_{$second}" ); $duplicated_keys[ $value ] = isset( $duplicated_keys[ $value ] ); } } $duplicated_keys['put your unique phrase here'] = true; /* * translators: This string should only be translated if wp-config-sample.php is localized. * You can check the localized release package or * https://i18n.svn.wordpress.org/<locale code>/branches/<wp version>/dist/wp-config-sample.php */ $duplicated_keys[ __( 'put your unique phrase here' ) ] = true; } /* * Determine which options to prime. * * If the salt keys are undefined, use a duplicate value or the * default `put your unique phrase here` value the salt will be * generated via `wp_generate_password()` and stored as a site * option. These options will be primed to avoid repeated * database requests for undefined salts. */ $options_to_prime = array(); foreach ( array( 'auth', 'secure_auth', 'logged_in', 'nonce' ) as $key ) { foreach ( array( 'key', 'salt' ) as $second ) { $const = strtoupper( "{$key}_{$second}" ); if ( ! defined( $const ) || true === $duplicated_keys[ constant( $const ) ] ) { $options_to_prime[] = "{$key}_{$second}"; } } } if ( ! empty( $options_to_prime ) ) { /* * Also prime `secret_key` used for undefined salting schemes. * * If the scheme is unknown, the default value for `secret_key` will be * used too for the salt. This should rarely happen, so the option is only * primed if other salts are undefined. * * At this point of execution it is known that a database call will be made * to prime salts, so the `secret_key` option can be primed regardless of the * constants status. */ $options_to_prime[] = 'secret_key'; wp_prime_site_option_caches( $options_to_prime ); } $values = array( 'key' => '', 'salt' => '', ); if ( defined( 'SECRET_KEY' ) && SECRET_KEY && empty( $duplicated_keys[ SECRET_KEY ] ) ) { $values['key'] = SECRET_KEY; } if ( 'auth' === $scheme && defined( 'SECRET_SALT' ) && SECRET_SALT && empty( $duplicated_keys[ SECRET_SALT ] ) ) { $values['salt'] = SECRET_SALT; } if ( in_array( $scheme, array( 'auth', 'secure_auth', 'logged_in', 'nonce' ), true ) ) { foreach ( array( 'key', 'salt' ) as $type ) { $const = strtoupper( "{$scheme}_{$type}" ); if ( defined( $const ) && constant( $const ) && empty( $duplicated_keys[ constant( $const ) ] ) ) { $values[ $type ] = constant( $const ); } elseif ( ! $values[ $type ] ) { $values[ $type ] = get_site_option( "{$scheme}_{$type}" ); if ( ! $values[ $type ] ) { $values[ $type ] = wp_generate_password( 64, true, true ); update_site_option( "{$scheme}_{$type}", $values[ $type ] ); } } } } else { if ( ! $values['key'] ) { $values['key'] = get_site_option( 'secret_key' ); if ( ! $values['key'] ) { $values['key'] = wp_generate_password( 64, true, true ); update_site_option( 'secret_key', $values['key'] ); } } $values['salt'] = hash_hmac( 'md5', $scheme, $values['key'] ); } $cached_salts[ $scheme ] = $values['key'] . $values['salt']; /** This filter is documented in wp-includes/pluggable.php */ return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme ); } endif; if ( ! function_exists( 'wp_hash' ) ) : /** * Gets the hash of the given string. * * The default algorithm is md5 but can be changed to any algorithm supported by * `hash_hmac()`. Use the `hash_hmac_algos()` function to check the supported * algorithms. * * @since 2.0.3 * @since 6.8.0 The `$algo` parameter was added. * * @throws InvalidArgumentException if the hashing algorithm is not supported. * * @param string $data Plain text to hash. * @param string $scheme Authentication scheme (auth, secure_auth, logged_in, nonce). * @param string $algo Hashing algorithm to use. Default: 'md5'. * @return string Hash of $data. */ function wp_hash( $data, $scheme = 'auth', $algo = 'md5' ) { $salt = wp_salt( $scheme ); // Ensure the algorithm is supported by the hash_hmac function. if ( ! in_array( $algo, hash_hmac_algos(), true ) ) { throw new InvalidArgumentException( sprintf( /* translators: 1: Name of a cryptographic hash algorithm. 2: List of supported algorithms. */ __( 'Unsupported hashing algorithm: %1$s. Supported algorithms are: %2$s' ), $algo, implode( ', ', hash_hmac_algos() ) ) ); } return hash_hmac( $algo, $data, $salt ); } endif; if ( ! function_exists( 'wp_hash_password' ) ) : /** * Creates a hash of a plain text password. * * For integration with other applications, this function can be overwritten to * instead use the other package password hashing algorithm. * * @since 2.5.0 * @since 6.8.0 The password is now hashed using bcrypt by default instead of phpass. * * @global PasswordHash $wp_hasher phpass object. * * @param string $password Plain text user password to hash. * @return string The hash string of the password. */ function wp_hash_password( #[\SensitiveParameter] $password ) { global $wp_hasher; if ( ! empty( $wp_hasher ) ) { return $wp_hasher->HashPassword( trim( $password ) ); } if ( strlen( $password ) > 4096 ) { return '*'; } /** * Filters the hashing algorithm to use in the password_hash() and password_needs_rehash() functions. * * The default is the value of the `PASSWORD_BCRYPT` constant which means bcrypt is used. * * **Important:** The only password hashing algorithm that is guaranteed to be available across PHP * installations is bcrypt. If you use any other algorithm you must make sure that it is available on * the server. The `password_algos()` function can be used to check which hashing algorithms are available. * * The hashing options can be controlled via the {@see 'wp_hash_password_options'} filter. * * Other available constants include: * * - `PASSWORD_ARGON2I` * - `PASSWORD_ARGON2ID` * - `PASSWORD_DEFAULT` * * The values of the algorithm constants are strings in PHP 7.4+ and integers in PHP 7.3 and earlier. * * @since 6.8.0 * * @param string|int $algorithm The hashing algorithm. Default is the value of the `PASSWORD_BCRYPT` constant. */ $algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT ); /** * Filters the options passed to the password_hash() and password_needs_rehash() functions. * * The default hashing algorithm is bcrypt, but this can be changed via the {@see 'wp_hash_password_algorithm'} * filter. You must ensure that the options are appropriate for the algorithm in use. * * The values of the algorithm constants are strings in PHP 7.4+ and integers in PHP 7.3 and earlier. * * @since 6.8.0 * * @param array $options Array of options to pass to the password hashing functions. * By default this is an empty array which means the default * options will be used. * @param string|int $algorithm The hashing algorithm in use. */ $options = apply_filters( 'wp_hash_password_options', array(), $algorithm ); // Algorithms other than bcrypt don't need to use pre-hashing. if ( PASSWORD_BCRYPT !== $algorithm ) { return password_hash( $password, $algorithm, $options ); } // Use SHA-384 to retain entropy from a password that's longer than 72 bytes, and a `wp-sha384` key for domain separation. $password_to_hash = base64_encode( hash_hmac( 'sha384', trim( $password ), 'wp-sha384', true ) ); // Add a prefix to facilitate distinguishing vanilla bcrypt hashes. return '$wp' . password_hash( $password_to_hash, $algorithm, $options ); } endif; if ( ! function_exists( 'wp_check_password' ) ) : /** * Checks a plaintext password against a hashed password. * * Note that this function may be used to check a value that is not a user password. * A plugin may use this function to check a password of a different type, and there * may not always be a user ID associated with the password. * * For integration with other applications, this function can be overwritten to * instead use the other package password hashing algorithm. * * @since 2.5.0 * @since 6.8.0 Passwords in WordPress are now hashed with bcrypt by default. A * password that wasn't hashed with bcrypt will be checked with phpass. * * @global PasswordHash $wp_hasher phpass object. Used as a fallback for verifying * passwords that were hashed with phpass. * * @param string $password Plaintext password. * @param string $hash Hash of the password to check against. * @param string|int $user_id Optional. ID of a user associated with the password. * @return bool False, if the $password does not match the hashed password. */ function wp_check_password( #[\SensitiveParameter] $password, $hash, $user_id = '' ) { global $wp_hasher; if ( strlen( $hash ) <= 32 ) { // Check the hash using md5 regardless of the current hashing mechanism. $check = hash_equals( $hash, md5( $password ) ); } elseif ( ! empty( $wp_hasher ) ) { // Check the password using the overridden hasher. $check = $wp_hasher->CheckPassword( $password, $hash ); } elseif ( strlen( $password ) > 4096 ) { // Passwords longer than 4096 characters are not supported. $check = false; } elseif ( str_starts_with( $hash, '$wp' ) ) { // Check the password using the current prefixed hash. $password_to_verify = base64_encode( hash_hmac( 'sha384', $password, 'wp-sha384', true ) ); $check = password_verify( $password_to_verify, substr( $hash, 3 ) ); } elseif ( str_starts_with( $hash, '$P$' ) ) { // Check the password using phpass. require_once ABSPATH . WPINC . '/class-phpass.php'; $check = ( new PasswordHash( 8, true ) )->CheckPassword( $password, $hash ); } else { // Check the password using compat support for any non-prefixed hash. $check = password_verify( $password, $hash ); } /** * Filters whether the plaintext password matches the hashed password. * * @since 2.5.0 * @since 6.8.0 Passwords are now hashed with bcrypt by default. * Old passwords may still be hashed with phpass or md5. * * @param bool $check Whether the passwords match. * @param string $password The plaintext password. * @param string $hash The hashed password. * @param string|int $user_id Optional ID of a user associated with the password. * Can be empty. */ return apply_filters( 'check_password', $check, $password, $hash, $user_id ); } endif; if ( ! function_exists( 'wp_password_needs_rehash' ) ) : /** * Checks whether a password hash needs to be rehashed. * * Passwords are hashed with bcrypt using the default cost. A password hashed in a prior version * of WordPress may still be hashed with phpass and will need to be rehashed. If the default cost * or algorithm is changed in PHP or WordPress then a password hashed in a previous version will * need to be rehashed. * * Note that, just like wp_check_password(), this function may be used to check a value that is * not a user password. A plugin may use this function to check a password of a different type, * and there may not always be a user ID associated with the password. * * @since 6.8.0 * * @global PasswordHash $wp_hasher phpass object. * * @param string $hash Hash of a password to check. * @param string|int $user_id Optional. ID of a user associated with the password. * @return bool Whether the hash needs to be rehashed. */ function wp_password_needs_rehash( $hash, $user_id = '' ) { global $wp_hasher; if ( ! empty( $wp_hasher ) ) { return false; } /** This filter is documented in wp-includes/pluggable.php */ $algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT ); /** This filter is documented in wp-includes/pluggable.php */ $options = apply_filters( 'wp_hash_password_options', array(), $algorithm ); $prefixed = str_starts_with( $hash, '$wp' ); if ( ( PASSWORD_BCRYPT === $algorithm ) && ! $prefixed ) { // If bcrypt is in use and the hash is not prefixed then it needs to be rehashed. $needs_rehash = true; } else { // Otherwise check the hash minus its prefix if necessary. $hash_to_check = $prefixed ? substr( $hash, 3 ) : $hash; $needs_rehash = password_needs_rehash( $hash_to_check, $algorithm, $options ); } /** * Filters whether the password hash needs to be rehashed. * * @since 6.8.0 * * @param bool $needs_rehash Whether the password hash needs to be rehashed. * @param string $hash The password hash. * @param string|int $user_id Optional. ID of a user associated with the password. */ return apply_filters( 'password_needs_rehash', $needs_rehash, $hash, $user_id ); } endif; if ( ! function_exists( 'wp_generate_password' ) ) : /** * Generates a random password drawn from the defined set of characters. * * Uses wp_rand() to create passwords with far less predictability * than similar native PHP functions like `rand()` or `mt_rand()`. * * @since 2.5.0 * * @param int $length Optional. The length of password to generate. Default 12. * @param bool $special_chars Optional. Whether to include standard special characters. * Default true. * @param bool $extra_special_chars Optional. Whether to include other special characters. * Used when generating secret keys and salts. Default false. * @return string The random password. */ function wp_generate_password( $length = 12, $special_chars = true, $extra_special_chars = false ) { $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; if ( $special_chars ) { $chars .= '!@#$%^&*()'; } if ( $extra_special_chars ) { $chars .= '-_ []{}<>~`+=,.;:/?|'; } $password = ''; for ( $i = 0; $i < $length; $i++ ) { $password .= substr( $chars, wp_rand( 0, strlen( $chars ) - 1 ), 1 ); } /** * Filters the randomly-generated password. * * @since 3.0.0 * @since 5.3.0 Added the `$length`, `$special_chars`, and `$extra_special_chars` parameters. * * @param string $password The generated password. * @param int $length The length of password to generate. * @param bool $special_chars Whether to include standard special characters. * @param bool $extra_special_chars Whether to include other special characters. */ return apply_filters( 'random_password', $password, $length, $special_chars, $extra_special_chars ); } endif; if ( ! function_exists( 'wp_rand' ) ) : /** * Generates a random non-negative number. * * @since 2.6.2 * @since 4.4.0 Uses PHP7 random_int() or the random_compat library if available. * @since 6.1.0 Returns zero instead of a random number if both `$min` and `$max` are zero. * * @global string $rnd_value * * @param int $min Optional. Lower limit for the generated number. * Accepts positive integers or zero. Defaults to 0. * @param int $max Optional. Upper limit for the generated number. * Accepts positive integers. Defaults to 4294967295. * @return int A random non-negative number between min and max. */ function wp_rand( $min = null, $max = null ) { global $rnd_value; /* * Some misconfigured 32-bit environments (Entropy PHP, for example) * truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them to floats. */ $max_random_number = 3000000000 === 2147483647 ? (float) '4294967295' : 4294967295; // 4294967295 = 0xffffffff if ( null === $min ) { $min = 0; } if ( null === $max ) { $max = $max_random_number; } // We only handle ints, floats are truncated to their integer value. $min = (int) $min; $max = (int) $max; // Use PHP's CSPRNG, or a compatible method. static $use_random_int_functionality = true; if ( $use_random_int_functionality ) { try { // wp_rand() can accept arguments in either order, PHP cannot. $_max = max( $min, $max ); $_min = min( $min, $max ); $val = random_int( $_min, $_max ); if ( false !== $val ) { return absint( $val ); } else { $use_random_int_functionality = false; } } catch ( Error $e ) { $use_random_int_functionality = false; } catch ( Exception $e ) { $use_random_int_functionality = false; } } /* * Reset $rnd_value after 14 uses. * 32 (md5) + 40 (sha1) + 40 (sha1) / 8 = 14 random numbers from $rnd_value. */ if ( strlen( $rnd_value ) < 8 ) { if ( defined( 'WP_SETUP_CONFIG' ) ) { static $seed = ''; } else { $seed = get_transient( 'random_seed' ); } $rnd_value = md5( uniqid( microtime() . mt_rand(), true ) . $seed ); $rnd_value .= sha1( $rnd_value ); $rnd_value .= sha1( $rnd_value . $seed ); $seed = md5( $seed . $rnd_value ); if ( ! defined( 'WP_SETUP_CONFIG' ) && ! defined( 'WP_INSTALLING' ) ) { set_transient( 'random_seed', $seed ); } } // Take the first 8 digits for our value. $value = substr( $rnd_value, 0, 8 ); // Strip the first eight, leaving the remainder for the next call to wp_rand(). $rnd_value = substr( $rnd_value, 8 ); $value = abs( hexdec( $value ) ); // Reduce the value to be within the min - max range. $value = $min + ( $max - $min + 1 ) * $value / ( $max_random_number + 1 ); return abs( (int) $value ); } endif; if ( ! function_exists( 'wp_set_password' ) ) : /** * Updates the user's password with a new hashed one. * * For integration with other applications, this function can be overwritten to * instead use the other package password checking algorithm. * * Please note: This function should be used sparingly and is really only meant for single-time * application. Leveraging this improperly in a plugin or theme could result in an endless loop * of password resets if precautions are not taken to ensure it does not execute on every page load. * * @since 2.5.0 * @since 6.8.0 The password is now hashed using bcrypt by default instead of phpass. * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $password The plaintext new user password. * @param int $user_id User ID. */ function wp_set_password( #[\SensitiveParameter] $password, $user_id ) { global $wpdb; $old_user_data = get_userdata( $user_id ); $hash = wp_hash_password( $password ); $wpdb->update( $wpdb->users, array( 'user_pass' => $hash, 'user_activation_key' => '', ), array( 'ID' => $user_id ) ); clean_user_cache( $user_id ); /** * Fires after the user password is set. * * @since 6.2.0 * @since 6.7.0 The `$old_user_data` parameter was added. * * @param string $password The plaintext password just set. * @param int $user_id The ID of the user whose password was just set. * @param WP_User $old_user_data Object containing user's data prior to update. */ do_action( 'wp_set_password', $password, $user_id, $old_user_data ); } endif; if ( ! function_exists( 'get_avatar' ) ) : /** * Retrieves the avatar `<img>` tag for a user, email address, MD5 hash, comment, or post. * * @since 2.5.0 * @since 4.2.0 Added the optional `$args` parameter. * @since 5.5.0 Added the `loading` argument. * @since 6.1.0 Added the `decoding` argument. * @since 6.3.0 Added the `fetchpriority` argument. * * @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash, * user email, WP_User object, WP_Post object, or WP_Comment object. * @param int $size Optional. Height and width of the avatar in pixels. Default 96. * @param string $default_value URL for the default image or a default type. Accepts: * - '404' (return a 404 instead of a default image) * - 'retro' (a 8-bit arcade-style pixelated face) * - 'robohash' (a robot) * - 'monsterid' (a monster) * - 'wavatar' (a cartoon face) * - 'identicon' (the "quilt", a geometric pattern) * - 'initials' (initials based avatar with background color) * - 'color' (generated background color) * - 'mystery', 'mm', or 'mysteryman' (The Oyster Man) * - 'blank' (transparent GIF) * - 'gravatar_default' (the Gravatar logo) * Default is the value of the 'avatar_default' option, * with a fallback of 'mystery'. * @param string $alt Optional. Alternative text to use in the avatar image tag. * Default empty. * @param array $args { * Optional. Extra arguments to retrieve the avatar. * * @type int $height Display height of the avatar in pixels. Defaults to $size. * @type int $width Display width of the avatar in pixels. Defaults to $size. * @type bool $force_default Whether to always show the default image, never the Gravatar. * Default false. * @type string $rating What rating to display avatars up to. Accepts: * - 'G' (suitable for all audiences) * - 'PG' (possibly offensive, usually for audiences 13 and above) * - 'R' (intended for adult audiences above 17) * - 'X' (even more mature than above) * Default is the value of the 'avatar_rating' option. * @type string $scheme URL scheme to use. See set_url_scheme() for accepted values. * Default null. * @type array|string $class Array or string of additional classes to add to the img element. * Default null. * @type bool $force_display Whether to always show the avatar - ignores the show_avatars option. * Default false. * @type string $loading Value for the `loading` attribute. * Default null. * @type string $fetchpriority Value for the `fetchpriority` attribute. * Default null. * @type string $decoding Value for the `decoding` attribute. * Default null. * @type string $extra_attr HTML attributes to insert in the IMG element. Is not sanitized. * Default empty. * } * @return string|false `<img>` tag for the user's avatar. False on failure. */ function get_avatar( $id_or_email, $size = 96, $default_value = '', $alt = '', $args = null ) { $defaults = array( // get_avatar_data() args. 'size' => 96, 'height' => null, 'width' => null, 'default' => get_option( 'avatar_default', 'mystery' ), 'force_default' => false, 'rating' => get_option( 'avatar_rating' ), 'scheme' => null, 'alt' => '', 'class' => null, 'force_display' => false, 'loading' => null, 'fetchpriority' => null, 'decoding' => null, 'extra_attr' => '', ); if ( empty( $args ) ) { $args = array(); } $args['size'] = (int) $size; $args['default'] = $default_value; $args['alt'] = $alt; $args = wp_parse_args( $args, $defaults ); if ( empty( $args['height'] ) ) { $args['height'] = $args['size']; } if ( empty( $args['width'] ) ) { $args['width'] = $args['size']; } // Update args with loading optimized attributes. $loading_optimization_attr = wp_get_loading_optimization_attributes( 'img', $args, 'get_avatar' ); $args = array_merge( $args, $loading_optimization_attr ); if ( is_object( $id_or_email ) && isset( $id_or_email->comment_ID ) ) { $id_or_email = get_comment( $id_or_email ); } /** * Allows the HTML for a user's avatar to be returned early. * * Returning a non-null value will effectively short-circuit get_avatar(), passing * the value through the {@see 'get_avatar'} filter and returning early. * * @since 4.2.0 * * @param string|null $avatar HTML for the user's avatar. Default null. * @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash, * user email, WP_User object, WP_Post object, or WP_Comment object. * @param array $args Arguments passed to get_avatar_url(), after processing. */ $avatar = apply_filters( 'pre_get_avatar', null, $id_or_email, $args ); if ( ! is_null( $avatar ) ) { /** This filter is documented in wp-includes/pluggable.php */ return apply_filters( 'get_avatar', $avatar, $id_or_email, $args['size'], $args['default'], $args['alt'], $args ); } if ( ! $args['force_display'] && ! get_option( 'show_avatars' ) ) { return false; } $url2x = get_avatar_url( $id_or_email, array_merge( $args, array( 'size' => $args['size'] * 2 ) ) ); $args = get_avatar_data( $id_or_email, $args ); $url = $args['url']; if ( ! $url || is_wp_error( $url ) ) { return false; } $class = array( 'avatar', 'avatar-' . (int) $args['size'], 'photo' ); if ( ! $args['found_avatar'] || $args['force_default'] ) { $class[] = 'avatar-default'; } if ( $args['class'] ) { if ( is_array( $args['class'] ) ) { $class = array_merge( $class, $args['class'] ); } else { $class[] = $args['class']; } } // Add `loading`, `fetchpriority`, and `decoding` attributes. $extra_attr = $args['extra_attr']; if ( in_array( $args['loading'], array( 'lazy', 'eager' ), true ) && ! preg_match( '/\bloading\s*=/', $extra_attr ) ) { if ( ! empty( $extra_attr ) ) { $extra_attr .= ' '; } $extra_attr .= "loading='{$args['loading']}'"; } if ( in_array( $args['fetchpriority'], array( 'high', 'low', 'auto' ), true ) && ! preg_match( '/\bfetchpriority\s*=/', $extra_attr ) ) { if ( ! empty( $extra_attr ) ) { $extra_attr .= ' '; } $extra_attr .= "fetchpriority='{$args['fetchpriority']}'"; } if ( in_array( $args['decoding'], array( 'async', 'sync', 'auto' ), true ) && ! preg_match( '/\bdecoding\s*=/', $extra_attr ) ) { if ( ! empty( $extra_attr ) ) { $extra_attr .= ' '; } $extra_attr .= "decoding='{$args['decoding']}'"; } $avatar = sprintf( "<img alt='%s' src='%s' srcset='%s' class='%s' height='%d' width='%d' %s/>", esc_attr( $args['alt'] ), esc_url( $url ), esc_url( $url2x ) . ' 2x', esc_attr( implode( ' ', $class ) ), (int) $args['height'], (int) $args['width'], $extra_attr ); /** * Filters the HTML for a user's avatar. * * @since 2.5.0 * @since 4.2.0 Added the `$args` parameter. * * @param string $avatar HTML for the user's avatar. * @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash, * user email, WP_User object, WP_Post object, or WP_Comment object. * @param int $size Height and width of the avatar in pixels. * @param string $default_value URL for the default image or a default type. Accepts: * - '404' (return a 404 instead of a default image) * - 'retro' (a 8-bit arcade-style pixelated face) * - 'robohash' (a robot) * - 'monsterid' (a monster) * - 'wavatar' (a cartoon face) * - 'identicon' (the "quilt", a geometric pattern) * - 'mystery', 'mm', or 'mysteryman' (The Oyster Man) * - 'blank' (transparent GIF) * - 'gravatar_default' (the Gravatar logo) * @param string $alt Alternative text to use in the avatar image tag. * @param array $args Arguments passed to get_avatar_data(), after processing. */ return apply_filters( 'get_avatar', $avatar, $id_or_email, $args['size'], $args['default'], $args['alt'], $args ); } endif; if ( ! function_exists( 'wp_text_diff' ) ) : /** * Displays a human readable HTML representation of the difference between two strings. * * The Diff is available for getting the changes between versions. The output is * HTML, so the primary use is for displaying the changes. If the two strings * are equivalent, then an empty string will be returned. * * @since 2.6.0 * * @see wp_parse_args() Used to change defaults to user defined settings. * @uses Text_Diff * @uses WP_Text_Diff_Renderer_Table * * @param string $left_string "old" (left) version of string. * @param string $right_string "new" (right) version of string. * @param string|array $args { * Associative array of options to pass to WP_Text_Diff_Renderer_Table(). * * @type string $title Titles the diff in a manner compatible * with the output. Default empty. * @type string $title_left Change the HTML to the left of the title. * Default empty. * @type string $title_right Change the HTML to the right of the title. * Default empty. * @type bool $show_split_view True for split view (two columns), false for * un-split view (single column). Default true. * } * @return string Empty string if strings are equivalent or HTML with differences. */ function wp_text_diff( $left_string, $right_string, $args = null ) { $defaults = array( 'title' => '', 'title_left' => '', 'title_right' => '', 'show_split_view' => true, ); $args = wp_parse_args( $args, $defaults ); if ( ! class_exists( 'WP_Text_Diff_Renderer_Table', false ) ) { require ABSPATH . WPINC . '/wp-diff.php'; } $left_string = normalize_whitespace( $left_string ); $right_string = normalize_whitespace( $right_string ); $left_lines = explode( "\n", $left_string ); $right_lines = explode( "\n", $right_string ); $text_diff = new Text_Diff( $left_lines, $right_lines ); $renderer = new WP_Text_Diff_Renderer_Table( $args ); $diff = $renderer->render( $text_diff ); if ( ! $diff ) { return ''; } $is_split_view = ! empty( $args['show_split_view'] ); $is_split_view_class = $is_split_view ? ' is-split-view' : ''; $r = "<table class='diff$is_split_view_class'>\n"; if ( $args['title'] ) { $r .= "<caption class='diff-title'>$args[title]</caption>\n"; } if ( $args['title_left'] || $args['title_right'] ) { $r .= '<thead>'; } if ( $args['title_left'] || $args['title_right'] ) { $th_or_td_left = empty( $args['title_left'] ) ? 'td' : 'th'; $th_or_td_right = empty( $args['title_right'] ) ? 'td' : 'th'; $r .= "<tr class='diff-sub-title'>\n"; $r .= "\t<$th_or_td_left>$args[title_left]</$th_or_td_left>\n"; if ( $is_split_view ) { $r .= "\t<$th_or_td_right>$args[title_right]</$th_or_td_right>\n"; } $r .= "</tr>\n"; } if ( $args['title_left'] || $args['title_right'] ) { $r .= "</thead>\n"; } $r .= "<tbody>\n$diff\n</tbody>\n"; $r .= '</table>'; return $r; } endif; https-detection-20260605080416.php 0000666 00000013341 15225074365 0011777 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605110157.php 0000666 00000011205 15225074365 0012003 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } class-IXR.php 0000666 00000005070 15225074365 0007041 0 ustar 00 <?php /** * IXR - The Incutio XML-RPC Library * * Copyright (c) 2010, Incutio Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * - Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * - Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - Neither the name of Incutio Ltd. nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * @package IXR * @since 1.5.0 * * @copyright Incutio Ltd 2010 (http://www.incutio.com) * @version 1.7.4 7th September 2010 * @author Simon Willison * @link http://scripts.incutio.com/xmlrpc/ Site/manual * @license http://www.opensource.org/licenses/bsd-license.php BSD */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } require_once ABSPATH . WPINC . '/IXR/class-IXR-server.php'; require_once ABSPATH . WPINC . '/IXR/class-IXR-base64.php'; require_once ABSPATH . WPINC . '/IXR/class-IXR-client.php'; require_once ABSPATH . WPINC . '/IXR/class-IXR-clientmulticall.php'; require_once ABSPATH . WPINC . '/IXR/class-IXR-date.php'; require_once ABSPATH . WPINC . '/IXR/class-IXR-error.php'; require_once ABSPATH . WPINC . '/IXR/class-IXR-introspectionserver.php'; require_once ABSPATH . WPINC . '/IXR/class-IXR-message.php'; require_once ABSPATH . WPINC . '/IXR/class-IXR-request.php'; require_once ABSPATH . WPINC . '/IXR/class-IXR-value.php'; embed-404.php 0000666 00000001707 15225074365 0006660 0 ustar 00 <?php /** * Contains the post embed content template part * * When a post is embedded in an iframe, this file is used to create the content template part * output if the active theme does not include an embed-404.php template. * * @package WordPress * @subpackage Theme_Compat * @since 4.5.0 */ ?> <div class="wp-embed"> <p class="wp-embed-heading"><?php _e( 'Oops! That embed cannot be found.' ); ?></p> <div class="wp-embed-excerpt"> <p> <?php printf( /* translators: %s: A link to the embedded site. */ __( 'It looks like nothing was found at this location. Maybe try visiting %s directly?' ), '<strong><a href="' . esc_url( home_url() ) . '">' . esc_html( get_bloginfo( 'name' ) ) . '</a></strong>' ); ?> </p> </div> <?php /** This filter is documented in wp-includes/theme-compat/embed-content.php */ do_action( 'embed_content' ); ?> <div class="wp-embed-footer"> <?php the_embed_site_title(); ?> </div> </div> https-detection-20260605141018.php 0000666 00000013341 15225074365 0011773 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-post.php 0000666 00000014533 15225074365 0010014 0 ustar 00 <?php /** * Post API: WP_Post class * * @package WordPress * @subpackage Post * @since 4.4.0 */ /** * Core class used to implement the WP_Post object. * * @since 3.5.0 * * @property string $page_template * * @property-read int[] $ancestors * @property-read int[] $post_category * @property-read string[] $tags_input */ #[AllowDynamicProperties] final class WP_Post { /** * Post ID. * * @since 3.5.0 * @var int */ public $ID; /** * ID of post author. * * A numeric string, for compatibility reasons. * * @since 3.5.0 * @var string */ public $post_author = '0'; /** * The post's local publication time. * * @since 3.5.0 * @var string */ public $post_date = '0000-00-00 00:00:00'; /** * The post's GMT publication time. * * @since 3.5.0 * @var string */ public $post_date_gmt = '0000-00-00 00:00:00'; /** * The post's content. * * @since 3.5.0 * @var string */ public $post_content = ''; /** * The post's title. * * @since 3.5.0 * @var string */ public $post_title = ''; /** * The post's excerpt. * * @since 3.5.0 * @var string */ public $post_excerpt = ''; /** * The post's status. * * @since 3.5.0 * @var string */ public $post_status = 'publish'; /** * Whether comments are allowed. * * @since 3.5.0 * @var string */ public $comment_status = 'open'; /** * Whether pings are allowed. * * @since 3.5.0 * @var string */ public $ping_status = 'open'; /** * The post's password in plain text. * * @since 3.5.0 * @var string */ public $post_password = ''; /** * The post's slug. * * @since 3.5.0 * @var string */ public $post_name = ''; /** * URLs queued to be pinged. * * @since 3.5.0 * @var string */ public $to_ping = ''; /** * URLs that have been pinged. * * @since 3.5.0 * @var string */ public $pinged = ''; /** * The post's local modified time. * * @since 3.5.0 * @var string */ public $post_modified = '0000-00-00 00:00:00'; /** * The post's GMT modified time. * * @since 3.5.0 * @var string */ public $post_modified_gmt = '0000-00-00 00:00:00'; /** * A utility DB field for post content. * * @since 3.5.0 * @var string */ public $post_content_filtered = ''; /** * ID of a post's parent post. * * @since 3.5.0 * @var int */ public $post_parent = 0; /** * The unique identifier for a post, not necessarily a URL, used as the feed GUID. * * @since 3.5.0 * @var string */ public $guid = ''; /** * A field used for ordering posts. * * @since 3.5.0 * @var int */ public $menu_order = 0; /** * The post's type, like post or page. * * @since 3.5.0 * @var string */ public $post_type = 'post'; /** * An attachment's mime type. * * @since 3.5.0 * @var string */ public $post_mime_type = ''; /** * Cached comment count. * * A numeric string, for compatibility reasons. * * @since 3.5.0 * @var string */ public $comment_count = '0'; /** * Stores the post object's sanitization level. * * Does not correspond to a DB field. * * @since 3.5.0 * @var string */ public $filter; /** * Retrieve WP_Post instance. * * @since 3.5.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $post_id Post ID. * @return WP_Post|false Post object, false otherwise. */ public static function get_instance( $post_id ) { global $wpdb; $post_id = (int) $post_id; if ( $post_id <= 0 ) { return false; } $_post = wp_cache_get( $post_id, 'posts' ); if ( ! $_post ) { $_post = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post_id ) ); if ( ! $_post ) { return false; } $_post = sanitize_post( $_post, 'raw' ); wp_cache_add( $_post->ID, $_post, 'posts' ); } elseif ( empty( $_post->filter ) || 'raw' !== $_post->filter ) { $_post = sanitize_post( $_post, 'raw' ); } return new WP_Post( $_post ); } /** * Constructor. * * @since 3.5.0 * * @param WP_Post|object $post Post object. */ public function __construct( $post ) { foreach ( get_object_vars( $post ) as $key => $value ) { $this->$key = $value; } } /** * Isset-er. * * @since 3.5.0 * * @param string $key Property to check if set. * @return bool */ public function __isset( $key ) { if ( 'ancestors' === $key ) { return true; } if ( 'page_template' === $key ) { return true; } if ( 'post_category' === $key ) { return true; } if ( 'tags_input' === $key ) { return true; } return metadata_exists( 'post', $this->ID, $key ); } /** * Getter. * * @since 3.5.0 * * @param string $key Key to get. * @return mixed */ public function __get( $key ) { if ( 'page_template' === $key && $this->__isset( $key ) ) { return get_post_meta( $this->ID, '_wp_page_template', true ); } if ( 'post_category' === $key ) { if ( is_object_in_taxonomy( $this->post_type, 'category' ) ) { $terms = get_the_terms( $this, 'category' ); } if ( empty( $terms ) ) { return array(); } return wp_list_pluck( $terms, 'term_id' ); } if ( 'tags_input' === $key ) { if ( is_object_in_taxonomy( $this->post_type, 'post_tag' ) ) { $terms = get_the_terms( $this, 'post_tag' ); } if ( empty( $terms ) ) { return array(); } return wp_list_pluck( $terms, 'name' ); } // Rest of the values need filtering. if ( 'ancestors' === $key ) { $value = get_post_ancestors( $this ); } else { $value = get_post_meta( $this->ID, $key, true ); } if ( $this->filter ) { $value = sanitize_post_field( $key, $value, $this->ID, $this->filter ); } return $value; } /** * {@Missing Summary} * * @since 3.5.0 * * @param string $filter Filter. * @return WP_Post */ public function filter( $filter ) { if ( $this->filter === $filter ) { return $this; } if ( 'raw' === $filter ) { return self::get_instance( $this->ID ); } return sanitize_post( $this, $filter ); } /** * Convert object to array. * * @since 3.5.0 * * @return array Object as array. */ public function to_array() { $post = get_object_vars( $this ); foreach ( array( 'ancestors', 'page_template', 'post_category', 'tags_input' ) as $key ) { if ( $this->__isset( $key ) ) { $post[ $key ] = $this->__get( $key ); } } return $post; } } https-detection-20260605082518.php 0000666 00000013341 15225074365 0012004 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } abilities-api.php 0000666 00000057461 15225074365 0010023 0 ustar 00 <?php /** * Abilities API: core functions for registering and managing abilities. * * The Abilities API provides a unified, extensible framework for registering * and executing discrete capabilities within WordPress. An "ability" is a * self-contained unit of functionality with defined inputs, outputs, permissions, * and execution logic. * * ## Overview * * The Abilities API enables developers to: * * - Register custom abilities with standardized interfaces. * - Define permission checks and execution callbacks. * - Organize abilities into logical categories. * - Validate inputs and outputs using JSON Schema. * - Expose abilities through the REST API. * * ## Working with Abilities * * Abilities must be registered on the `wp_abilities_api_init` action hook. * Attempting to register an ability outside of this hook will fail and * trigger a `_doing_it_wrong()` notice. * Example: * * function my_plugin_register_abilities(): void { * wp_register_ability( * 'my-plugin/export-users', * array( * 'label' => __( 'Export Users', 'my-plugin' ), * 'description' => __( 'Exports user data to CSV format.', 'my-plugin' ), * 'category' => 'data-export', * 'execute_callback' => 'my_plugin_export_users', * 'permission_callback' => function(): bool { * return current_user_can( 'export' ); * }, * 'input_schema' => array( * 'type' => 'string', * 'enum' => array( 'subscriber', 'contributor', 'author', 'editor', 'administrator' ), * 'description' => __( 'Limits the export to users with this role.', 'my-plugin' ), * 'required' => false, * ), * 'output_schema' => array( * 'type' => 'string', * 'description' => __( 'User data in CSV format.', 'my-plugin' ), * 'required' => true, * ), * 'meta' => array( * 'show_in_rest' => true, * ), * ) * ); * } * add_action( 'wp_abilities_api_init', 'my_plugin_register_abilities' ); * * Once registered, abilities can be checked, retrieved, and managed: * * // Checks if an ability is registered, and prints its label. * if ( wp_has_ability( 'my-plugin/export-users' ) ) { * $ability = wp_get_ability( 'my-plugin/export-users' ); * * echo $ability->get_label(); * } * * // Gets all registered abilities. * $all_abilities = wp_get_abilities(); * * // Unregisters when no longer needed. * wp_unregister_ability( 'my-plugin/export-users' ); * * ## Best Practices * * - Always register abilities on the `wp_abilities_api_init` hook. * - Use namespaced ability names to prevent conflicts. * - Implement robust permission checks in permission callbacks. * - Provide an `input_schema` to ensure data integrity and document expected inputs. * - Define an `output_schema` to describe return values and validate responses. * - Return `WP_Error` objects for failures rather than throwing exceptions. * - Use internationalization functions for all user-facing strings. * * @package WordPress * @subpackage Abilities_API * @since 6.9.0 */ declare( strict_types = 1 ); /** * Registers a new ability using the Abilities API. It requires three steps: * * 1. Hook into the `wp_abilities_api_init` action. * 2. Call `wp_register_ability()` with a namespaced name and configuration. * 3. Provide execute and permission callbacks. * * Example: * * function my_plugin_register_abilities(): void { * wp_register_ability( * 'my-plugin/analyze-text', * array( * 'label' => __( 'Analyze Text', 'my-plugin' ), * 'description' => __( 'Performs sentiment analysis on provided text.', 'my-plugin' ), * 'category' => 'text-processing', * 'input_schema' => array( * 'type' => 'string', * 'description' => __( 'The text to be analyzed.', 'my-plugin' ), * 'minLength' => 10, * 'required' => true, * ), * 'output_schema' => array( * 'type' => 'string', * 'enum' => array( 'positive', 'negative', 'neutral' ), * 'description' => __( 'The sentiment result: positive, negative, or neutral.', 'my-plugin' ), * 'required' => true, * ), * 'execute_callback' => 'my_plugin_analyze_text', * 'permission_callback' => 'my_plugin_can_analyze_text', * 'meta' => array( * 'annotations' => array( * 'readonly' => true, * ), * 'show_in_rest' => true, * ), * ) * ); * } * add_action( 'wp_abilities_api_init', 'my_plugin_register_abilities' ); * * ### Naming Conventions * * Ability names must follow these rules: * * - Include a namespace prefix (e.g., `my-plugin/my-ability`). * - Use only lowercase alphanumeric characters, dashes, and forward slashes. * - Use descriptive, action-oriented names (e.g., `process-payment`, `generate-report`). * * ### Categories * * Abilities must be organized into categories. Ability categories provide better * discoverability and must be registered before the abilities that reference them: * * function my_plugin_register_categories(): void { * wp_register_ability_category( * 'text-processing', * array( * 'label' => __( 'Text Processing', 'my-plugin' ), * 'description' => __( 'Abilities for analyzing and transforming text.', 'my-plugin' ), * ) * ); * } * add_action( 'wp_abilities_api_categories_init', 'my_plugin_register_categories' ); * * ### Input and Output Schemas * * Schemas define the expected structure, type, and constraints for ability inputs * and outputs using JSON Schema syntax. They serve two critical purposes: automatic * validation of data passed to and returned from abilities, and self-documenting * API contracts for developers. * * WordPress implements a validator based on a subset of the JSON Schema Version 4 * specification (https://json-schema.org/specification-links.html#draft-4). * For details on supported JSON Schema properties and syntax, see the * related WordPress REST API Schema documentation: * https://developer.wordpress.org/rest-api/extending-the-rest-api/schema/#json-schema-basics * * Defining schemas is mandatory when there is a value to pass or return. * They ensure data integrity, improve developer experience, and enable * better documentation: * * 'input_schema' => array( * 'type' => 'string', * 'description' => __( 'The text to be analyzed.', 'my-plugin' ), * 'minLength' => 10, * 'required' => true, * ), * 'output_schema' => array( * 'type' => 'string', * 'enum' => array( 'positive', 'negative', 'neutral' ), * 'description' => __( 'The sentiment result: positive, negative, or neutral.', 'my-plugin' ), * 'required' => true, * ), * * ### Callbacks * * #### Execute Callback * * The execute callback performs the ability's core functionality. It receives * optional input data and returns either a result or `WP_Error` on failure. * * function my_plugin_analyze_text( string $input ): string|WP_Error { * $score = My_Plugin::perform_sentiment_analysis( $input ); * if ( is_wp_error( $score ) ) { * return $score; * } * return My_Plugin::interpret_sentiment_score( $score ); * } * * #### Permission Callback * * The permission callback determines whether the ability can be executed. * It receives the same input as the execute callback and must return a * boolean or `WP_Error`. Common use cases include checking user capabilities, * validating API keys, or verifying system state: * * function my_plugin_can_analyze_text( string $input ): bool|WP_Error { * return current_user_can( 'edit_posts' ); * } * * ### REST API Integration * * Abilities can be exposed through the REST API by setting `show_in_rest` * to `true` in the meta configuration: * * 'meta' => array( * 'show_in_rest' => true, * ), * * This allows abilities to be invoked via HTTP requests to the WordPress REST API. * * @since 6.9.0 * * @see WP_Abilities_Registry::register() * @see wp_register_ability_category() * @see wp_unregister_ability() * * @param string $name The name of the ability. Must be a namespaced string containing * a prefix, e.g., `my-plugin/my-ability`. Can only contain lowercase * alphanumeric characters, dashes, and forward slashes. * @param array<string, mixed> $args { * An associative array of arguments for configuring the ability. * * @type string $label Required. The human-readable label for the ability. * @type string $description Required. A detailed description of what the ability does * and when it should be used. * @type string $category Required. The ability category slug this ability belongs to. * The ability category must be registered via `wp_register_ability_category()` * before registering the ability. * @type callable $execute_callback Required. A callback function to execute when the ability is invoked. * Receives optional mixed input data and must return either a result * value (any type) or a `WP_Error` object on failure. * @type callable $permission_callback Required. A callback function to check permissions before execution. * Receives optional mixed input data (same as `execute_callback`) and * must return `true`/`false` for simple checks, or `WP_Error` for * detailed error responses. * @type array<string, mixed> $input_schema Optional. JSON Schema definition for validating the ability's input. * Must be a valid JSON Schema object defining the structure and * constraints for input data. Used for automatic validation and * API documentation. * @type array<string, mixed> $output_schema Optional. JSON Schema definition for the ability's output. * Describes the structure of successful return values from * `execute_callback`. Used for documentation and validation. * @type array<string, mixed> $meta { * Optional. Additional metadata for the ability. * * @type array<string, bool|null> $annotations { * Optional. Semantic annotations describing the ability's behavioral characteristics. * These annotations are hints for tooling and documentation. * * @type bool|null $readonly Optional. If true, the ability does not modify its environment. * @type bool|null $destructive Optional. If true, the ability may perform destructive updates to its environment. * If false, the ability performs only additive updates. * @type bool|null $idempotent Optional. If true, calling the ability repeatedly with the same arguments * will have no additional effect on its environment. * } * @type bool $show_in_rest Optional. Whether to expose this ability in the REST API. * When true, the ability can be invoked via HTTP requests. * Default false. * } * @type string $ability_class Optional. Fully-qualified custom class name to instantiate * instead of the default `WP_Ability` class. The custom class * must extend `WP_Ability`. Useful for advanced customization * of ability behavior. * } * @return WP_Ability|null The registered ability instance on success, `null` on failure. */ function wp_register_ability( string $name, array $args ): ?WP_Ability { if ( ! doing_action( 'wp_abilities_api_init' ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: wp_abilities_api_init, 2: string value of the ability name. */ __( 'Abilities must be registered on the %1$s action. The ability %2$s was not registered.' ), '<code>wp_abilities_api_init</code>', '<code>' . esc_html( $name ) . '</code>' ), '6.9.0' ); return null; } $registry = WP_Abilities_Registry::get_instance(); if ( null === $registry ) { return null; } return $registry->register( $name, $args ); } /** * Unregisters an ability from the Abilities API. * * Removes a previously registered ability from the global registry. Use this to * disable abilities provided by other plugins or when an ability is no longer needed. * * Can be called at any time after the ability has been registered. * * Example: * * if ( wp_has_ability( 'other-plugin/some-ability' ) ) { * wp_unregister_ability( 'other-plugin/some-ability' ); * } * * @since 6.9.0 * * @see WP_Abilities_Registry::unregister() * @see wp_register_ability() * * @param string $name The name of the ability to unregister, including namespace prefix * (e.g., 'my-plugin/my-ability'). * @return WP_Ability|null The unregistered ability instance on success, `null` on failure. */ function wp_unregister_ability( string $name ): ?WP_Ability { $registry = WP_Abilities_Registry::get_instance(); if ( null === $registry ) { return null; } return $registry->unregister( $name ); } /** * Checks if an ability is registered. * * Use this for conditional logic and feature detection before attempting to * retrieve or use an ability. * * Example: * * // Displays different UI based on available abilities. * if ( wp_has_ability( 'premium-plugin/advanced-export' ) ) { * echo 'Export with Premium Features'; * } else { * echo 'Basic Export'; * } * * @since 6.9.0 * * @see WP_Abilities_Registry::is_registered() * @see wp_get_ability() * * @param string $name The name of the ability to check, including namespace prefix * (e.g., 'my-plugin/my-ability'). * @return bool `true` if the ability is registered, `false` otherwise. */ function wp_has_ability( string $name ): bool { $registry = WP_Abilities_Registry::get_instance(); if ( null === $registry ) { return false; } return $registry->is_registered( $name ); } /** * Retrieves a registered ability. * * Returns the ability instance for inspection or use. The instance provides access * to the ability's configuration, metadata, and execution methods. * * Example: * * // Prints information about a registered ability. * $ability = wp_get_ability( 'my-plugin/export-data' ); * if ( $ability ) { * echo $ability->get_label() . ': ' . $ability->get_description(); * } * * @since 6.9.0 * * @see WP_Abilities_Registry::get_registered() * @see wp_has_ability() * * @param string $name The name of the ability, including namespace prefix * (e.g., 'my-plugin/my-ability'). * @return WP_Ability|null The registered ability instance, or `null` if not registered. */ function wp_get_ability( string $name ): ?WP_Ability { $registry = WP_Abilities_Registry::get_instance(); if ( null === $registry ) { return null; } return $registry->get_registered( $name ); } /** * Retrieves all registered abilities. * * Returns an array of all ability instances currently registered in the system. * Use this for discovery, debugging, or building administrative interfaces. * * Example: * * // Prints information about all available abilities. * $abilities = wp_get_abilities(); * foreach ( $abilities as $ability ) { * echo $ability->get_label() . ': ' . $ability->get_description() . "\n"; * } * * @since 6.9.0 * * @see WP_Abilities_Registry::get_all_registered() * * @return WP_Ability[] An array of registered WP_Ability instances. Returns an empty * array if no abilities are registered or if the registry is unavailable. */ function wp_get_abilities(): array { $registry = WP_Abilities_Registry::get_instance(); if ( null === $registry ) { return array(); } return $registry->get_all_registered(); } /** * Registers a new ability category. * * Ability categories provide a way to organize and group related abilities for better * discoverability and management. Ability categories must be registered before abilities * that reference them. * * Ability categories must be registered on the `wp_abilities_api_categories_init` action hook. * * Example: * * function my_plugin_register_categories() { * wp_register_ability_category( * 'content-management', * array( * 'label' => __( 'Content Management', 'my-plugin' ), * 'description' => __( 'Abilities for managing and organizing content.', 'my-plugin' ), * ) * ); * } * add_action( 'wp_abilities_api_categories_init', 'my_plugin_register_categories' ); * * @since 6.9.0 * * @see WP_Ability_Categories_Registry::register() * @see wp_register_ability() * @see wp_unregister_ability_category() * * @param string $slug The unique slug for the ability category. Must contain only lowercase * alphanumeric characters and dashes (e.g., 'data-export'). * @param array<string, mixed> $args { * An associative array of arguments for the ability category. * * @type string $label Required. The human-readable label for the ability category. * @type string $description Required. A description of what abilities in this category do. * @type array<string, mixed> $meta Optional. Additional metadata for the ability category. * } * @return WP_Ability_Category|null The registered ability category instance on success, `null` on failure. */ function wp_register_ability_category( string $slug, array $args ): ?WP_Ability_Category { if ( ! doing_action( 'wp_abilities_api_categories_init' ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: wp_abilities_api_categories_init, 2: ability category slug. */ __( 'Ability categories must be registered on the %1$s action. The ability category %2$s was not registered.' ), '<code>wp_abilities_api_categories_init</code>', '<code>' . esc_html( $slug ) . '</code>' ), '6.9.0' ); return null; } $registry = WP_Ability_Categories_Registry::get_instance(); if ( null === $registry ) { return null; } return $registry->register( $slug, $args ); } /** * Unregisters an ability category. * * Removes a previously registered ability category from the global registry. Use this to * disable ability categories that are no longer needed. * * Can be called at any time after the ability category has been registered. * * Example: * * if ( wp_has_ability_category( 'deprecated-category' ) ) { * wp_unregister_ability_category( 'deprecated-category' ); * } * * @since 6.9.0 * * @see WP_Ability_Categories_Registry::unregister() * @see wp_register_ability_category() * * @param string $slug The slug of the ability category to unregister. * @return WP_Ability_Category|null The unregistered ability category instance on success, `null` on failure. */ function wp_unregister_ability_category( string $slug ): ?WP_Ability_Category { $registry = WP_Ability_Categories_Registry::get_instance(); if ( null === $registry ) { return null; } return $registry->unregister( $slug ); } /** * Checks if an ability category is registered. * * Use this for conditional logic and feature detection before attempting to * retrieve or use an ability category. * * Example: * * // Displays different UI based on available ability categories. * if ( wp_has_ability_category( 'premium-features' ) ) { * echo 'Premium Features Available'; * } else { * echo 'Standard Features'; * } * * @since 6.9.0 * * @see WP_Ability_Categories_Registry::is_registered() * @see wp_get_ability_category() * * @param string $slug The slug of the ability category to check. * @return bool `true` if the ability category is registered, `false` otherwise. */ function wp_has_ability_category( string $slug ): bool { $registry = WP_Ability_Categories_Registry::get_instance(); if ( null === $registry ) { return false; } return $registry->is_registered( $slug ); } /** * Retrieves a registered ability category. * * Returns the ability category instance for inspection or use. The instance provides access * to the ability category's configuration and metadata. * * Example: * * // Prints information about a registered ability category. * $ability_category = wp_get_ability_category( 'content-management' ); * if ( $ability_category ) { * echo $ability_category->get_label() . ': ' . $ability_category->get_description(); * } * * @since 6.9.0 * * @see WP_Ability_Categories_Registry::get_registered() * @see wp_has_ability_category() * @see wp_get_ability_categories() * * @param string $slug The slug of the ability category. * @return WP_Ability_Category|null The ability category instance, or `null` if not registered. */ function wp_get_ability_category( string $slug ): ?WP_Ability_Category { $registry = WP_Ability_Categories_Registry::get_instance(); if ( null === $registry ) { return null; } return $registry->get_registered( $slug ); } /** * Retrieves all registered ability categories. * * Returns an array of all ability category instances currently registered in the system. * Use this for discovery, debugging, or building administrative interfaces. * * Example: * * // Prints information about all available ability categories. * $ability_categories = wp_get_ability_categories(); * foreach ( $ability_categories as $ability_category ) { * echo $ability_category->get_label() . ': ' . $ability_category->get_description() . "\n"; * } * * @since 6.9.0 * * @see WP_Ability_Categories_Registry::get_all_registered() * @see wp_get_ability_category() * * @return WP_Ability_Category[] An array of registered ability category instances. Returns an empty array * if no ability categories are registered or if the registry is unavailable. */ function wp_get_ability_categories(): array { $registry = WP_Ability_Categories_Registry::get_instance(); if ( null === $registry ) { return array(); } return $registry->get_all_registered(); } script-modules.php 0000666 00000023267 15225074365 0010256 0 ustar 00 <?php /** * Script Modules API: Script Module functions * * @since 6.5.0 * * @package WordPress * @subpackage Script Modules */ /** * Retrieves the main WP_Script_Modules instance. * * This function provides access to the WP_Script_Modules instance, creating one * if it doesn't exist yet. * * @since 6.5.0 * * @global WP_Script_Modules $wp_script_modules * * @return WP_Script_Modules The main WP_Script_Modules instance. */ function wp_script_modules(): WP_Script_Modules { global $wp_script_modules; if ( ! ( $wp_script_modules instanceof WP_Script_Modules ) ) { $wp_script_modules = new WP_Script_Modules(); } return $wp_script_modules; } /** * Registers the script module if no script module with that script module * identifier has already been registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ function wp_register_script_module( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) { wp_script_modules()->register( $id, $src, $deps, $version, $args ); } /** * Marks the script module to be enqueued in the page. * * If a src is provided and the script module has not been registered yet, it * will be registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ function wp_enqueue_script_module( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) { wp_script_modules()->enqueue( $id, $src, $deps, $version, $args ); } /** * Unmarks the script module so it is no longer enqueued in the page. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ function wp_dequeue_script_module( string $id ) { wp_script_modules()->dequeue( $id ); } /** * Deregisters the script module. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ function wp_deregister_script_module( string $id ) { wp_script_modules()->deregister( $id ); } /** * Registers all the default WordPress Script Modules. * * @since 6.7.0 */ function wp_default_script_modules() { $suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix(); /* * Expects multidimensional array like: * * 'interactivity/index.min.js' => array('dependencies' => array(…), 'version' => '…'), * 'interactivity/debug.min.js' => array('dependencies' => array(…), 'version' => '…'), * 'interactivity-router/index.min.js' => … */ $assets = include ABSPATH . WPINC . "/assets/script-modules-packages{$suffix}.php"; foreach ( $assets as $file_name => $script_module_data ) { /* * Build the WordPress Script Module ID from the file name. * Prepend `@wordpress/` and remove extensions and `/index` if present: * - interactivity/index.min.js => @wordpress/interactivity * - interactivity/debug.min.js => @wordpress/interactivity/debug * - block-library/query/view.js => @wordpress/block-library/query/view */ $script_module_id = '@wordpress/' . preg_replace( '~(?:/index)?(?:\.min)?\.js$~D', '', $file_name, 1 ); switch ( $script_module_id ) { /* * Interactivity exposes two entrypoints, "/index" and "/debug". * "/debug" should replace "/index" in development. */ case '@wordpress/interactivity/debug': if ( ! SCRIPT_DEBUG ) { continue 2; } $script_module_id = '@wordpress/interactivity'; break; case '@wordpress/interactivity': if ( SCRIPT_DEBUG ) { continue 2; } break; } /* * The Interactivity API is designed with server-side rendering as its primary goal, so all of its script modules * should be loaded with low fetchpriority and printed in the footer since they should not be needed in the * critical rendering path. Also, the @wordpress/a11y script module is intended to be used as a dynamic import * dependency, in which case the fetchpriority is irrelevant. See <https://make.wordpress.org/core/2024/10/14/updates-to-script-modules-in-6-7/>. * However, in case it is added as a static import dependency, the fetchpriority is explicitly set to be 'low' * since the module should not be involved in the critical rendering path, and if it is, its fetchpriority will * be bumped to match the fetchpriority of the dependent script. */ $args = array(); if ( str_starts_with( $script_module_id, '@wordpress/interactivity' ) || str_starts_with( $script_module_id, '@wordpress/block-library' ) || '@wordpress/a11y' === $script_module_id ) { $args['fetchpriority'] = 'low'; $args['in_footer'] = true; } // Marks all Core blocks as compatible with client-side navigation. if ( str_starts_with( $script_module_id, '@wordpress/block-library' ) ) { wp_interactivity()->add_client_navigation_support_to_script_module( $script_module_id ); } $path = includes_url( "js/dist/script-modules/{$file_name}" ); wp_register_script_module( $script_module_id, $path, $script_module_data['dependencies'], $script_module_data['version'], $args ); } } https-migration-20260605165544.php 0000666 00000011205 15225074365 0012015 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260607010100.php 0000666 00000011205 15225074365 0011770 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260606074753.php 0000666 00000013341 15225074365 0012007 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260622172501.php 0000666 00000011205 15225074365 0012003 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } functions.php 0000666 00001063530 15225074365 0007312 0 ustar 00 <?php /** * Main WordPress API * * @package WordPress */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } require ABSPATH . WPINC . '/option.php'; /** * Converts given MySQL date string into a different format. * * - `$format` should be a PHP date format string. * - 'U' and 'G' formats will return an integer sum of timestamp with timezone offset. * - `$date` is expected to be local time in MySQL format (`Y-m-d H:i:s`). * * Historically UTC time could be passed to the function to produce Unix timestamp. * * If `$translate` is true then the given date and format string will * be passed to `wp_date()` for translation. * * @since 0.71 * * @param string $format Format of the date to return. * @param string $date Date string to convert. * @param bool $translate Whether the return date should be translated. Default true. * @return string|int|false Integer if `$format` is 'U' or 'G', string otherwise. * False on failure. */ function mysql2date( $format, $date, $translate = true ) { if ( empty( $date ) ) { return false; } $timezone = wp_timezone(); $datetime = date_create( $date, $timezone ); if ( false === $datetime ) { return false; } // Returns a sum of timestamp with timezone offset. Ideally should never be used. if ( 'G' === $format || 'U' === $format ) { return $datetime->getTimestamp() + $datetime->getOffset(); } if ( $translate ) { return wp_date( $format, $datetime->getTimestamp(), $timezone ); } return $datetime->format( $format ); } /** * Retrieves the current time based on specified type. * * - The 'mysql' type will return the time in the format for MySQL DATETIME field. * - The 'timestamp' or 'U' types will return the current timestamp or a sum of timestamp * and timezone offset, depending on `$gmt`. * - Other strings will be interpreted as PHP date formats (e.g. 'Y-m-d'). * * If `$gmt` is a truthy value then both types will use GMT time, otherwise the * output is adjusted with the GMT offset for the site. * * @since 1.0.0 * @since 5.3.0 Now returns an integer if `$type` is 'U'. Previously a string was returned. * * @param string $type Type of time to retrieve. Accepts 'mysql', 'timestamp', 'U', * or PHP date format string (e.g. 'Y-m-d'). * @param bool $gmt Optional. Whether to use GMT timezone. Default false. * @return int|string Integer if `$type` is 'timestamp' or 'U', string otherwise. */ function current_time( $type, $gmt = false ) { // Don't use non-GMT timestamp, unless you know the difference and really need to. if ( 'timestamp' === $type || 'U' === $type ) { return $gmt ? time() : time() + (int) ( (float) get_option( 'gmt_offset' ) * HOUR_IN_SECONDS ); } if ( 'mysql' === $type ) { $type = 'Y-m-d H:i:s'; } $timezone = $gmt ? new DateTimeZone( 'UTC' ) : wp_timezone(); $datetime = new DateTime( 'now', $timezone ); return $datetime->format( $type ); } /** * Retrieves the current time as an object using the site's timezone. * * @since 5.3.0 * * @return DateTimeImmutable Date and time object. */ function current_datetime() { return new DateTimeImmutable( 'now', wp_timezone() ); } /** * Retrieves the timezone of the site as a string. * * Uses the `timezone_string` option to get a proper timezone name if available, * otherwise falls back to a manual UTC ± offset. * * Example return values: * * - 'Europe/Rome' * - 'America/North_Dakota/New_Salem' * - 'UTC' * - '-06:30' * - '+00:00' * - '+08:45' * * @since 5.3.0 * * @return string PHP timezone name or a ±HH:MM offset. */ function wp_timezone_string() { $timezone_string = get_option( 'timezone_string' ); if ( $timezone_string ) { return $timezone_string; } $offset = (float) get_option( 'gmt_offset' ); $hours = (int) $offset; $minutes = ( $offset - $hours ); $sign = ( $offset < 0 ) ? '-' : '+'; $abs_hour = abs( $hours ); $abs_mins = abs( $minutes * 60 ); $tz_offset = sprintf( '%s%02d:%02d', $sign, $abs_hour, $abs_mins ); return $tz_offset; } /** * Retrieves the timezone of the site as a `DateTimeZone` object. * * Timezone can be based on a PHP timezone string or a ±HH:MM offset. * * @since 5.3.0 * * @return DateTimeZone Timezone object. */ function wp_timezone() { return new DateTimeZone( wp_timezone_string() ); } /** * Retrieves the date in localized format, based on a sum of Unix timestamp and * timezone offset in seconds. * * If the locale specifies the locale month and weekday, then the locale will * take over the format for the date. If it isn't, then the date format string * will be used instead. * * Note that due to the way WP typically generates a sum of timestamp and offset * with `strtotime()`, it implies offset added at a _current_ time, not at the time * the timestamp represents. Storing such timestamps or calculating them differently * will lead to invalid output. * * @since 0.71 * @since 5.3.0 Converted into a wrapper for wp_date(). * * @param string $format Format to display the date. * @param int|bool $timestamp_with_offset Optional. A sum of Unix timestamp and timezone offset * in seconds. Default false. * @param bool $gmt Optional. Whether to use GMT timezone. Only applies * if timestamp is not provided. Default false. * @return string The date, translated if locale specifies it. */ function date_i18n( $format, $timestamp_with_offset = false, $gmt = false ) { $timestamp = $timestamp_with_offset; // If timestamp is omitted it should be current time (summed with offset, unless `$gmt` is true). if ( ! is_numeric( $timestamp ) ) { // phpcs:ignore WordPress.DateTime.CurrentTimeTimestamp.Requested $timestamp = current_time( 'timestamp', $gmt ); } /* * This is a legacy implementation quirk that the returned timestamp is also with offset. * Ideally this function should never be used to produce a timestamp. */ if ( 'U' === $format ) { $date = $timestamp; } elseif ( $gmt && false === $timestamp_with_offset ) { // Current time in UTC. $date = wp_date( $format, null, new DateTimeZone( 'UTC' ) ); } elseif ( false === $timestamp_with_offset ) { // Current time in site's timezone. $date = wp_date( $format ); } else { /* * Timestamp with offset is typically produced by a UTC `strtotime()` call on an input without timezone. * This is the best attempt to reverse that operation into a local time to use. */ $local_time = gmdate( 'Y-m-d H:i:s', $timestamp ); $timezone = wp_timezone(); $datetime = date_create( $local_time, $timezone ); $date = wp_date( $format, $datetime->getTimestamp(), $timezone ); } /** * Filters the date formatted based on the locale. * * @since 2.8.0 * * @param string $date Formatted date string. * @param string $format Format to display the date. * @param int $timestamp A sum of Unix timestamp and timezone offset in seconds. * Might be without offset if input omitted timestamp but requested GMT. * @param bool $gmt Whether to use GMT timezone. Only applies if timestamp was not provided. */ $date = apply_filters( 'date_i18n', $date, $format, $timestamp, $gmt ); return $date; } /** * Retrieves the date, in localized format. * * This is a newer function, intended to replace `date_i18n()` without legacy quirks in it. * * Note that, unlike `date_i18n()`, this function accepts a true Unix timestamp, not summed * with timezone offset. * * @since 5.3.0 * * @global WP_Locale $wp_locale WordPress date and time locale object. * * @param string $format PHP date format. * @param int|null $timestamp Optional. Unix timestamp. Defaults to current time. * @param DateTimeZone|null $timezone Optional. Timezone to output result in. Defaults to timezone * from site settings. * @return string|false The date, translated if locale specifies it. False on invalid timestamp input. */ function wp_date( $format, $timestamp = null, $timezone = null ) { global $wp_locale; if ( null === $timestamp ) { $timestamp = time(); } elseif ( ! is_numeric( $timestamp ) ) { return false; } if ( ! $timezone ) { $timezone = wp_timezone(); } $datetime = date_create( '@' . $timestamp ); $datetime->setTimezone( $timezone ); if ( empty( $wp_locale->month ) || empty( $wp_locale->weekday ) ) { $date = $datetime->format( $format ); } else { // We need to unpack shorthand `r` format because it has parts that might be localized. $format = preg_replace( '/(?<!\\\\)r/', DATE_RFC2822, $format ); $new_format = ''; $format_length = strlen( $format ); $month = $wp_locale->get_month( $datetime->format( 'm' ) ); $weekday = $wp_locale->get_weekday( $datetime->format( 'w' ) ); for ( $i = 0; $i < $format_length; $i++ ) { switch ( $format[ $i ] ) { case 'D': $new_format .= addcslashes( $wp_locale->get_weekday_abbrev( $weekday ), '\\A..Za..z' ); break; case 'F': $new_format .= addcslashes( $month, '\\A..Za..z' ); break; case 'l': $new_format .= addcslashes( $weekday, '\\A..Za..z' ); break; case 'M': $new_format .= addcslashes( $wp_locale->get_month_abbrev( $month ), '\\A..Za..z' ); break; case 'a': $new_format .= addcslashes( $wp_locale->get_meridiem( $datetime->format( 'a' ) ), '\\A..Za..z' ); break; case 'A': $new_format .= addcslashes( $wp_locale->get_meridiem( $datetime->format( 'A' ) ), '\\A..Za..z' ); break; case '\\': $new_format .= $format[ $i ]; // If character follows a slash, we add it without translating. if ( $i < $format_length ) { $new_format .= $format[ ++$i ]; } break; default: $new_format .= $format[ $i ]; break; } } $date = $datetime->format( $new_format ); $date = wp_maybe_decline_date( $date, $format ); } /** * Filters the date formatted based on the locale. * * @since 5.3.0 * * @param string $date Formatted date string. * @param string $format Format to display the date. * @param int $timestamp Unix timestamp. * @param DateTimeZone $timezone Timezone. */ $date = apply_filters( 'wp_date', $date, $format, $timestamp, $timezone ); return $date; } /** * Determines if the date should be declined. * * If the locale specifies that month names require a genitive case in certain * formats (like 'j F Y'), the month name will be replaced with a correct form. * * @since 4.4.0 * @since 5.4.0 The `$format` parameter was added. * * @global WP_Locale $wp_locale WordPress date and time locale object. * * @param string $date Formatted date string. * @param string $format Optional. Date format to check. Default empty string. * @return string The date, declined if locale specifies it. */ function wp_maybe_decline_date( $date, $format = '' ) { global $wp_locale; // i18n functions are not available in SHORTINIT mode. if ( ! function_exists( '_x' ) ) { return $date; } /* * translators: If months in your language require a genitive case, * translate this to 'on'. Do not translate into your own language. */ if ( 'on' === _x( 'off', 'decline months names: on or off' ) ) { $months = $wp_locale->month; $months_genitive = $wp_locale->month_genitive; /* * Match a format like 'j F Y' or 'j. F' (day of the month, followed by month name) * and decline the month. */ if ( $format ) { $decline = preg_match( '#[dj]\.? F#', $format ); } else { // If the format is not passed, try to guess it from the date string. $decline = preg_match( '#\b\d{1,2}\.? [^\d ]+\b#u', $date ); } if ( $decline ) { foreach ( $months as $key => $month ) { $months[ $key ] = '# ' . preg_quote( $month, '#' ) . '\b#u'; } foreach ( $months_genitive as $key => $month ) { $months_genitive[ $key ] = ' ' . $month; } $date = preg_replace( $months, $months_genitive, $date ); } /* * Match a format like 'F jS' or 'F j' (month name, followed by day with an optional ordinal suffix) * and change it to declined 'j F'. */ if ( $format ) { $decline = preg_match( '#F [dj]#', $format ); } else { // If the format is not passed, try to guess it from the date string. $decline = preg_match( '#\b[^\d ]+ \d{1,2}(st|nd|rd|th)?\b#u', trim( $date ) ); } if ( $decline ) { foreach ( $months as $key => $month ) { $months[ $key ] = '#\b' . preg_quote( $month, '#' ) . ' (\d{1,2})(st|nd|rd|th)?([-–]\d{1,2})?(st|nd|rd|th)?\b#u'; } foreach ( $months_genitive as $key => $month ) { $months_genitive[ $key ] = '$1$3 ' . $month; } $date = preg_replace( $months, $months_genitive, $date ); } } // Used for locale-specific rules. $locale = get_locale(); if ( 'ca' === $locale ) { // " de abril| de agost| de octubre..." -> " d'abril| d'agost| d'octubre..." $date = preg_replace( '# de ([ao])#i', " d'\\1", $date ); } return $date; } /** * Converts float number to format based on the locale. * * @since 2.3.0 * * @global WP_Locale $wp_locale WordPress date and time locale object. * * @param float $number The number to convert based on locale. * @param int $decimals Optional. Precision of the number of decimal places. Default 0. * @return string Converted number in string format. */ function number_format_i18n( $number, $decimals = 0 ) { global $wp_locale; if ( isset( $wp_locale ) ) { $formatted = number_format( $number, absint( $decimals ), $wp_locale->number_format['decimal_point'], $wp_locale->number_format['thousands_sep'] ); } else { $formatted = number_format( $number, absint( $decimals ) ); } /** * Filters the number formatted based on the locale. * * @since 2.8.0 * @since 4.9.0 The `$number` and `$decimals` parameters were added. * * @param string $formatted Converted number in string format. * @param float $number The number to convert based on locale. * @param int $decimals Precision of the number of decimal places. */ return apply_filters( 'number_format_i18n', $formatted, $number, $decimals ); } /** * Converts a number of bytes to the largest unit the bytes will fit into. * * It is easier to read 1 KB than 1024 bytes and 1 MB than 1048576 bytes. Converts * number of bytes to human readable number by taking the number of that unit * that the bytes will go into it. Supports YB value. * * Please note that integers in PHP are limited to 32 bits, unless they are on * 64 bit architecture, then they have 64 bit size. If you need to place the * larger size then what PHP integer type will hold, then use a string. It will * be converted to a double, which should always have 64 bit length. * * Technically the correct unit names for powers of 1024 are KiB, MiB etc. * * @since 2.3.0 * @since 6.0.0 Support for PB, EB, ZB, and YB was added. * * @param int|string $bytes Number of bytes. Note max integer size for integers. * @param int $decimals Optional. Precision of number of decimal places. Default 0. * @return string|false Number string on success, false on failure. */ function size_format( $bytes, $decimals = 0 ) { $quant = array( /* translators: Unit symbol for yottabyte. */ _x( 'YB', 'unit symbol' ) => YB_IN_BYTES, /* translators: Unit symbol for zettabyte. */ _x( 'ZB', 'unit symbol' ) => ZB_IN_BYTES, /* translators: Unit symbol for exabyte. */ _x( 'EB', 'unit symbol' ) => EB_IN_BYTES, /* translators: Unit symbol for petabyte. */ _x( 'PB', 'unit symbol' ) => PB_IN_BYTES, /* translators: Unit symbol for terabyte. */ _x( 'TB', 'unit symbol' ) => TB_IN_BYTES, /* translators: Unit symbol for gigabyte. */ _x( 'GB', 'unit symbol' ) => GB_IN_BYTES, /* translators: Unit symbol for megabyte. */ _x( 'MB', 'unit symbol' ) => MB_IN_BYTES, /* translators: Unit symbol for kilobyte. */ _x( 'KB', 'unit symbol' ) => KB_IN_BYTES, /* translators: Unit symbol for byte. */ _x( 'B', 'unit symbol' ) => 1, ); if ( 0 === $bytes ) { /* translators: Unit symbol for byte. */ return number_format_i18n( 0, $decimals ) . ' ' . _x( 'B', 'unit symbol' ); } foreach ( $quant as $unit => $mag ) { if ( (float) $bytes >= $mag ) { return number_format_i18n( $bytes / $mag, $decimals ) . ' ' . $unit; } } return false; } /** * Converts a duration to human readable format. * * @since 5.1.0 * * @param string $duration Duration will be in string format (HH:ii:ss) OR (ii:ss), * with a possible prepended negative sign (-). * @return string|false A human readable duration string, false on failure. */ function human_readable_duration( $duration = '' ) { if ( ( empty( $duration ) || ! is_string( $duration ) ) ) { return false; } $duration = trim( $duration ); // Remove prepended negative sign. if ( str_starts_with( $duration, '-' ) ) { $duration = substr( $duration, 1 ); } // Extract duration parts. $duration_parts = array_reverse( explode( ':', $duration ) ); $duration_count = count( $duration_parts ); $hour = null; $minute = null; $second = null; if ( 3 === $duration_count ) { // Validate HH:ii:ss duration format. if ( ! ( (bool) preg_match( '/^([0-9]+):([0-5]?[0-9]):([0-5]?[0-9])$/', $duration ) ) ) { return false; } // Three parts: hours, minutes & seconds. list( $second, $minute, $hour ) = $duration_parts; } elseif ( 2 === $duration_count ) { // Validate ii:ss duration format. if ( ! ( (bool) preg_match( '/^([0-5]?[0-9]):([0-5]?[0-9])$/', $duration ) ) ) { return false; } // Two parts: minutes & seconds. list( $second, $minute ) = $duration_parts; } else { return false; } $human_readable_duration = array(); // Add the hour part to the string. if ( is_numeric( $hour ) ) { /* translators: %s: Time duration in hour or hours. */ $human_readable_duration[] = sprintf( _n( '%s hour', '%s hours', $hour ), (int) $hour ); } // Add the minute part to the string. if ( is_numeric( $minute ) ) { /* translators: %s: Time duration in minute or minutes. */ $human_readable_duration[] = sprintf( _n( '%s minute', '%s minutes', $minute ), (int) $minute ); } // Add the second part to the string. if ( is_numeric( $second ) ) { /* translators: %s: Time duration in second or seconds. */ $human_readable_duration[] = sprintf( _n( '%s second', '%s seconds', $second ), (int) $second ); } return implode( ', ', $human_readable_duration ); } /** * Gets the week start and end from the datetime or date string from MySQL. * * @since 0.71 * * @param string $mysqlstring Date or datetime field type from MySQL. * @param int|string $start_of_week Optional. Start of the week as an integer. Default empty string. * @return int[] { * Week start and end dates as Unix timestamps. * * @type int $start The week start date as a Unix timestamp. * @type int $end The week end date as a Unix timestamp. * } */ function get_weekstartend( $mysqlstring, $start_of_week = '' ) { // MySQL string year. $my = substr( $mysqlstring, 0, 4 ); // MySQL string month. $mm = substr( $mysqlstring, 8, 2 ); // MySQL string day. $md = substr( $mysqlstring, 5, 2 ); // The timestamp for MySQL string day. $day = mktime( 0, 0, 0, $md, $mm, $my ); // The day of the week from the timestamp. $weekday = (int) gmdate( 'w', $day ); if ( ! is_numeric( $start_of_week ) ) { $start_of_week = (int) get_option( 'start_of_week' ); } if ( $weekday < $start_of_week ) { $weekday += 7; } // The most recent week start day on or before $day. $start = $day - DAY_IN_SECONDS * ( $weekday - $start_of_week ); // $start + 1 week - 1 second. $end = $start + WEEK_IN_SECONDS - 1; return compact( 'start', 'end' ); } /** * Serializes data, if needed. * * @since 2.0.5 * * @param string|array|object $data Data that might be serialized. * @return mixed A scalar data. */ function maybe_serialize( $data ) { if ( is_array( $data ) || is_object( $data ) ) { return serialize( $data ); } /* * Double serialization is required for backward compatibility. * See https://core.trac.wordpress.org/ticket/12930 * Also the world will end. See WP 3.6.1. */ if ( is_serialized( $data, false ) ) { return serialize( $data ); } return $data; } /** * Unserializes data only if it was serialized. * * @since 2.0.0 * * @param string $data Data that might be unserialized. * @return mixed Unserialized data can be any type. */ function maybe_unserialize( $data ) { if ( is_serialized( $data ) ) { // Don't attempt to unserialize data that wasn't serialized going in. return @unserialize( trim( $data ) ); } return $data; } /** * Checks value to find if it was serialized. * * If $data is not a string, then returned value will always be false. * Serialized data is always a string. * * @since 2.0.5 * @since 6.1.0 Added Enum support. * * @param string $data Value to check to see if was serialized. * @param bool $strict Optional. Whether to be strict about the end of the string. Default true. * @return bool False if not serialized and true if it was. */ function is_serialized( $data, $strict = true ) { // If it isn't a string, it isn't serialized. if ( ! is_string( $data ) ) { return false; } $data = trim( $data ); if ( 'N;' === $data ) { return true; } if ( strlen( $data ) < 4 ) { return false; } if ( ':' !== $data[1] ) { return false; } if ( $strict ) { $lastc = substr( $data, -1 ); if ( ';' !== $lastc && '}' !== $lastc ) { return false; } } else { $semicolon = strpos( $data, ';' ); $brace = strpos( $data, '}' ); // Either ; or } must exist. if ( false === $semicolon && false === $brace ) { return false; } // But neither must be in the first X characters. if ( false !== $semicolon && $semicolon < 3 ) { return false; } if ( false !== $brace && $brace < 4 ) { return false; } } $token = $data[0]; switch ( $token ) { case 's': if ( $strict ) { if ( '"' !== substr( $data, -2, 1 ) ) { return false; } } elseif ( ! str_contains( $data, '"' ) ) { return false; } // Or else fall through. case 'a': case 'O': case 'E': return (bool) preg_match( "/^{$token}:[0-9]+:/s", $data ); case 'b': case 'i': case 'd': $end = $strict ? '$' : ''; return (bool) preg_match( "/^{$token}:[0-9.E+-]+;$end/", $data ); } return false; } /** * Checks whether serialized data is of string type. * * @since 2.0.5 * * @param string $data Serialized data. * @return bool False if not a serialized string, true if it is. */ function is_serialized_string( $data ) { // if it isn't a string, it isn't a serialized string. if ( ! is_string( $data ) ) { return false; } $data = trim( $data ); if ( strlen( $data ) < 4 ) { return false; } elseif ( ':' !== $data[1] ) { return false; } elseif ( ! str_ends_with( $data, ';' ) ) { return false; } elseif ( 's' !== $data[0] ) { return false; } elseif ( '"' !== substr( $data, -2, 1 ) ) { return false; } else { return true; } } /** * Retrieves post title from XML-RPC XML. * * If the `title` element is not found in the XML, the default post title * from the `$post_default_title` global will be used instead. * * @since 0.71 * * @global string $post_default_title Default XML-RPC post title. * * @param string $content XML-RPC XML Request content. * @return string Post title. */ function xmlrpc_getposttitle( $content ) { global $post_default_title; if ( preg_match( '/<title>(.+?)<\/title>/is', $content, $matchtitle ) ) { $post_title = $matchtitle[1]; } else { $post_title = $post_default_title; } return $post_title; } /** * Retrieves the post category or categories from XML-RPC XML. * * If the `category` element is not found in the XML, the default post category * from the `$post_default_category` global will be used instead. * The return type will then be a string. * * If the `category` element is found, the return type will be an array. * * @since 0.71 * * @global string $post_default_category Default XML-RPC post category. * * @param string $content XML-RPC XML Request content. * @return string[]|string An array of category names or default category name. */ function xmlrpc_getpostcategory( $content ) { global $post_default_category; if ( preg_match( '/<category>(.+?)<\/category>/is', $content, $matchcat ) ) { $post_category = trim( $matchcat[1], ',' ); $post_category = explode( ',', $post_category ); } else { $post_category = $post_default_category; } return $post_category; } /** * XML-RPC XML content without title and category elements. * * @since 0.71 * * @param string $content XML-RPC XML Request content. * @return string XML-RPC XML Request content without title and category elements. */ function xmlrpc_removepostdata( $content ) { $content = preg_replace( '/<title>(.+?)<\/title>/si', '', $content ); $content = preg_replace( '/<category>(.+?)<\/category>/si', '', $content ); $content = trim( $content ); return $content; } /** * Uses RegEx to extract URLs from arbitrary content. * * @since 3.7.0 * @since 6.0.0 Fixes support for HTML entities (Trac 30580). * * @param string $content Content to extract URLs from. * @return string[] Array of URLs found in passed string. */ function wp_extract_urls( $content ) { preg_match_all( "#([\"']?)(" . '(?:([\w-]+:)?//?)' . '[^\s()<>]+' . '[.]' . '(?:' . '\([\w\d]+\)|' . '(?:' . "[^`!()\[\]{}:'\".,<>«»“”‘’\s]|" . '(?:[:]\d+)?/?' . ')+' . ')' . ")\\1#", $content, $post_links ); $post_links = array_unique( array_map( static function ( $link ) { // Decode to replace valid entities, like &. $link = html_entity_decode( $link ); // Maintain backward compatibility by removing extraneous semi-colons (`;`). return str_replace( ';', '', $link ); }, $post_links[2] ) ); return array_values( $post_links ); } /** * Checks content for video and audio links to add as enclosures. * * Will not add enclosures that have already been added and will * remove enclosures that are no longer in the post. This is called as * pingbacks and trackbacks. * * @since 1.5.0 * @since 5.3.0 The `$content` parameter was made optional, and the `$post` parameter was * updated to accept a post ID or a WP_Post object. * @since 5.6.0 The `$content` parameter is no longer optional, but passing `null` to skip it * is still supported. * * @global wpdb $wpdb WordPress database abstraction object. * * @param string|null $content Post content. If `null`, the `post_content` field from `$post` is used. * @param int|WP_Post $post Post ID or post object. * @return void|false Void on success, false if the post is not found. */ function do_enclose( $content, $post ) { global $wpdb; // @todo Tidy this code and make the debug code optional. require_once ABSPATH . WPINC . '/class-IXR.php'; $post = get_post( $post ); if ( ! $post ) { return false; } if ( null === $content ) { $content = $post->post_content; } $post_links = array(); $pung = get_enclosed( $post->ID ); $post_links_temp = wp_extract_urls( $content ); foreach ( $pung as $link_test ) { // Link is no longer in post. if ( ! in_array( $link_test, $post_links_temp, true ) ) { $mids = $wpdb->get_col( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE %s", $post->ID, $wpdb->esc_like( $link_test ) . '%' ) ); foreach ( $mids as $mid ) { delete_metadata_by_mid( 'post', $mid ); } } } foreach ( (array) $post_links_temp as $link_test ) { // If we haven't pung it already. if ( ! in_array( $link_test, $pung, true ) ) { $test = parse_url( $link_test ); if ( false === $test ) { continue; } if ( isset( $test['query'] ) ) { $post_links[] = $link_test; } elseif ( isset( $test['path'] ) && ( '/' !== $test['path'] ) && ( '' !== $test['path'] ) ) { $post_links[] = $link_test; } } } /** * Filters the list of enclosure links before querying the database. * * Allows for the addition and/or removal of potential enclosures to save * to postmeta before checking the database for existing enclosures. * * @since 4.4.0 * * @param string[] $post_links An array of enclosure links. * @param int $post_id Post ID. */ $post_links = apply_filters( 'enclosure_links', $post_links, $post->ID ); foreach ( (array) $post_links as $url ) { $url = strip_fragment_from_url( $url ); if ( '' !== $url && ! $wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE %s", $post->ID, $wpdb->esc_like( $url ) . '%' ) ) ) { $headers = wp_get_http_headers( $url ); if ( $headers ) { $len = isset( $headers['Content-Length'] ) ? (int) $headers['Content-Length'] : 0; $type = isset( $headers['Content-Type'] ) ? $headers['Content-Type'] : ''; $allowed_types = array( 'video', 'audio' ); // Check to see if we can figure out the mime type from the extension. $url_parts = parse_url( $url ); if ( false !== $url_parts && ! empty( $url_parts['path'] ) ) { $extension = pathinfo( $url_parts['path'], PATHINFO_EXTENSION ); if ( ! empty( $extension ) ) { foreach ( wp_get_mime_types() as $exts => $mime ) { if ( preg_match( '!^(' . $exts . ')$!i', $extension ) ) { $type = $mime; break; } } } } if ( in_array( substr( $type, 0, strpos( $type, '/' ) ), $allowed_types, true ) ) { add_post_meta( $post->ID, 'enclosure', "$url\n$len\n$mime\n" ); } } } } } /** * Retrieves HTTP Headers from URL. * * @since 1.5.1 * * @param string $url URL to retrieve HTTP headers from. * @param bool $deprecated Not Used. * @return \WpOrg\Requests\Utility\CaseInsensitiveDictionary|false Headers on success, false on failure. */ function wp_get_http_headers( $url, $deprecated = false ) { if ( ! empty( $deprecated ) ) { _deprecated_argument( __FUNCTION__, '2.7.0' ); } $response = wp_safe_remote_head( $url ); if ( is_wp_error( $response ) ) { return false; } return wp_remote_retrieve_headers( $response ); } /** * Determines whether the publish date of the current post in the loop is different * from the publish date of the previous post in the loop. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 0.71 * * @global string $currentday The day of the current post in the loop. * @global string $previousday The day of the previous post in the loop. * * @return int 1 when new day, 0 if not a new day. */ function is_new_day() { global $currentday, $previousday; if ( $currentday !== $previousday ) { return 1; } else { return 0; } } /** * Builds a URL query based on an associative or indexed array. * * This is a convenient function for easily building URL queries. * It sets the separator to '&' and uses the _http_build_query() function. * * @since 2.3.0 * * @see _http_build_query() Used to build the query * @link https://www.php.net/manual/en/function.http-build-query.php for more on what * http_build_query() does. * * @param array $data URL-encode key/value pairs. * @return string URL-encoded string. */ function build_query( $data ) { return _http_build_query( $data, null, '&', '', false ); } /** * From php.net (modified by Mark Jaquith to behave like the native PHP5 function). * * @since 3.2.0 * @access private * * @see https://www.php.net/manual/en/function.http-build-query.php * * @param array|object $data An array or object of data. Converted to array. * @param string $prefix Optional. Numeric index. If set, start parameter numbering with it. * Default null. * @param string $sep Optional. Argument separator; defaults to 'arg_separator.output'. * Default null. * @param string $key Optional. Used to prefix key name. Default empty string. * @param bool $urlencode Optional. Whether to use urlencode() in the result. Default true. * @return string The query string. */ function _http_build_query( $data, $prefix = null, $sep = null, $key = '', $urlencode = true ) { $ret = array(); foreach ( (array) $data as $k => $v ) { if ( $urlencode ) { $k = urlencode( $k ); } if ( is_int( $k ) && null !== $prefix ) { $k = $prefix . $k; } if ( ! empty( $key ) ) { $k = $key . '%5B' . $k . '%5D'; } if ( null === $v ) { continue; } elseif ( false === $v ) { $v = '0'; } if ( is_array( $v ) || is_object( $v ) ) { array_push( $ret, _http_build_query( $v, '', $sep, $k, $urlencode ) ); } elseif ( $urlencode ) { array_push( $ret, $k . '=' . urlencode( $v ) ); } else { array_push( $ret, $k . '=' . $v ); } } if ( null === $sep ) { $sep = ini_get( 'arg_separator.output' ); } return implode( $sep, $ret ); } /** * Retrieves a modified URL query string. * * You can rebuild the URL and append query variables to the URL query by using this function. * There are two ways to use this function; either a single key and value, or an associative array. * * Using a single key and value: * * add_query_arg( 'key', 'value', 'http://example.com' ); * * Using an associative array: * * add_query_arg( array( * 'key1' => 'value1', * 'key2' => 'value2', * ), 'http://example.com' ); * * Omitting the URL from either use results in the current URL being used * (the value of `$_SERVER['REQUEST_URI']`). * * Values are expected to be encoded appropriately with urlencode() or rawurlencode(). * * Setting any query variable's value to boolean false removes the key (see remove_query_arg()). * * Important: The return value of add_query_arg() is not escaped by default. Output should be * late-escaped with esc_url() or similar to help prevent vulnerability to cross-site scripting * (XSS) attacks. * * @since 1.5.0 * @since 5.3.0 Formalized the existing and already documented parameters * by adding `...$args` to the function signature. * * @param string|array $key Either a query variable key, or an associative array of query variables. * @param string $value Optional. Either a query variable value, or a URL to act upon. * @param string $url Optional. A URL to act upon. * @return string New URL query string (unescaped). */ function add_query_arg( ...$args ) { if ( is_array( $args[0] ) ) { if ( count( $args ) < 2 || false === $args[1] ) { $uri = $_SERVER['REQUEST_URI']; } else { $uri = $args[1]; } } else { if ( count( $args ) < 3 || false === $args[2] ) { $uri = $_SERVER['REQUEST_URI']; } else { $uri = $args[2]; } } $frag = strstr( $uri, '#' ); if ( $frag ) { $uri = substr( $uri, 0, -strlen( $frag ) ); } else { $frag = ''; } if ( 0 === stripos( $uri, 'http://' ) ) { $protocol = 'http://'; $uri = substr( $uri, 7 ); } elseif ( 0 === stripos( $uri, 'https://' ) ) { $protocol = 'https://'; $uri = substr( $uri, 8 ); } else { $protocol = ''; } if ( str_contains( $uri, '?' ) ) { list( $base, $query ) = explode( '?', $uri, 2 ); $base .= '?'; } elseif ( $protocol || ! str_contains( $uri, '=' ) ) { $base = $uri . '?'; $query = ''; } else { $base = ''; $query = $uri; } wp_parse_str( $query, $qs ); $qs = urlencode_deep( $qs ); // This re-URL-encodes things that were already in the query string. if ( is_array( $args[0] ) ) { foreach ( $args[0] as $k => $v ) { $qs[ $k ] = $v; } } else { $qs[ $args[0] ] = $args[1]; } foreach ( $qs as $k => $v ) { if ( false === $v ) { unset( $qs[ $k ] ); } } $ret = build_query( $qs ); $ret = trim( $ret, '?' ); $ret = preg_replace( '#=(&|$)#', '$1', $ret ); $ret = $protocol . $base . $ret . $frag; $ret = rtrim( $ret, '?' ); $ret = str_replace( '?#', '#', $ret ); return $ret; } /** * Removes an item or items from a query string. * * Important: The return value of remove_query_arg() is not escaped by default. Output should be * late-escaped with esc_url() or similar to help prevent vulnerability to cross-site scripting * (XSS) attacks. * * @since 1.5.0 * * @param string|string[] $key Query key or keys to remove. * @param false|string $query Optional. When false uses the current URL. Default false. * @return string New URL query string. */ function remove_query_arg( $key, $query = false ) { if ( is_array( $key ) ) { // Removing multiple keys. foreach ( $key as $k ) { $query = add_query_arg( $k, false, $query ); } return $query; } return add_query_arg( $key, false, $query ); } /** * Returns an array of single-use query variable names that can be removed from a URL. * * @since 4.4.0 * * @return string[] An array of query variable names to remove from the URL. */ function wp_removable_query_args() { $removable_query_args = array( 'activate', 'activated', 'admin_email_remind_later', 'approved', 'core-major-auto-updates-saved', 'deactivate', 'delete_count', 'deleted', 'disabled', 'doing_wp_cron', 'enabled', 'error', 'hotkeys_highlight_first', 'hotkeys_highlight_last', 'ids', 'locked', 'message', 'same', 'saved', 'settings-updated', 'skipped', 'spammed', 'trashed', 'unspammed', 'untrashed', 'update', 'updated', 'wp-post-new-reload', ); /** * Filters the list of query variable names to remove. * * @since 4.2.0 * * @param string[] $removable_query_args An array of query variable names to remove from a URL. */ return apply_filters( 'removable_query_args', $removable_query_args ); } /** * Walks the array while sanitizing the contents. * * @since 0.71 * @since 5.5.0 Non-string values are left untouched. * * @param array $input_array Array to walk while sanitizing contents. * @return array Sanitized $input_array. */ function add_magic_quotes( $input_array ) { foreach ( (array) $input_array as $k => $v ) { if ( is_array( $v ) ) { $input_array[ $k ] = add_magic_quotes( $v ); } elseif ( is_string( $v ) ) { $input_array[ $k ] = addslashes( $v ); } } return $input_array; } /** * HTTP request for URI to retrieve content. * * @since 1.5.1 * * @see wp_safe_remote_get() * * @param string $uri URI/URL of web page to retrieve. * @return string|false HTTP content. False on failure. */ function wp_remote_fopen( $uri ) { $parsed_url = parse_url( $uri ); if ( ! $parsed_url || ! is_array( $parsed_url ) ) { return false; } $options = array(); $options['timeout'] = 10; $response = wp_safe_remote_get( $uri, $options ); if ( is_wp_error( $response ) ) { return false; } return wp_remote_retrieve_body( $response ); } /** * Sets up the WordPress query. * * @since 2.0.0 * * @global WP $wp Current WordPress environment instance. * @global WP_Query $wp_query WordPress Query object. * @global WP_Query $wp_the_query Copy of the WordPress Query object. * * @param string|array $query_vars Default WP_Query arguments. */ function wp( $query_vars = '' ) { global $wp, $wp_query, $wp_the_query; $wp->main( $query_vars ); if ( ! isset( $wp_the_query ) ) { $wp_the_query = $wp_query; } } /** * Retrieves the description for the HTTP status. * * @since 2.3.0 * @since 3.9.0 Added status codes 418, 428, 429, 431, and 511. * @since 4.5.0 Added status codes 308, 421, and 451. * @since 5.1.0 Added status code 103. * @since 6.6.0 Added status code 425. * * @global array $wp_header_to_desc * * @param int $code HTTP status code. * @return string Status description if found, an empty string otherwise. */ function get_status_header_desc( $code ) { global $wp_header_to_desc; $code = absint( $code ); if ( ! isset( $wp_header_to_desc ) ) { $wp_header_to_desc = array( 100 => 'Continue', 101 => 'Switching Protocols', 102 => 'Processing', 103 => 'Early Hints', 200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content', 207 => 'Multi-Status', 226 => 'IM Used', 300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 306 => 'Reserved', 307 => 'Temporary Redirect', 308 => 'Permanent Redirect', 400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Timeout', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Long', 415 => 'Unsupported Media Type', 416 => 'Requested Range Not Satisfiable', 417 => 'Expectation Failed', 418 => 'I\'m a teapot', 421 => 'Misdirected Request', 422 => 'Unprocessable Entity', 423 => 'Locked', 424 => 'Failed Dependency', 425 => 'Too Early', 426 => 'Upgrade Required', 428 => 'Precondition Required', 429 => 'Too Many Requests', 431 => 'Request Header Fields Too Large', 451 => 'Unavailable For Legal Reasons', 500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Timeout', 505 => 'HTTP Version Not Supported', 506 => 'Variant Also Negotiates', 507 => 'Insufficient Storage', 510 => 'Not Extended', 511 => 'Network Authentication Required', ); } if ( isset( $wp_header_to_desc[ $code ] ) ) { return $wp_header_to_desc[ $code ]; } else { return ''; } } /** * Sets HTTP status header. * * @since 2.0.0 * @since 4.4.0 Added the `$description` parameter. * * @see get_status_header_desc() * * @param int $code HTTP status code. * @param string $description Optional. A custom description for the HTTP status. * Defaults to the result of get_status_header_desc() for the given code. */ function status_header( $code, $description = '' ) { if ( ! $description ) { $description = get_status_header_desc( $code ); } if ( empty( $description ) ) { return; } $protocol = wp_get_server_protocol(); $status_header = "$protocol $code $description"; if ( function_exists( 'apply_filters' ) ) { /** * Filters an HTTP status header. * * @since 2.2.0 * * @param string $status_header HTTP status header. * @param int $code HTTP status code. * @param string $description Description for the status code. * @param string $protocol Server protocol. */ $status_header = apply_filters( 'status_header', $status_header, $code, $description, $protocol ); } if ( ! headers_sent() ) { header( $status_header, true, $code ); } } /** * Gets the HTTP header information to prevent caching. * * The several different headers cover the different ways cache prevention * is handled by different browsers or intermediate caches such as proxy servers. * * @since 2.8.0 * @since 6.3.0 The `Cache-Control` header for logged in users now includes the * `no-store` and `private` directives. * @since 6.8.0 The `Cache-Control` header now includes the `no-store` and `private` * directives regardless of whether a user is logged in. * * @return array The associative array of header names and field values. */ function wp_get_nocache_headers() { $cache_control = 'no-cache, must-revalidate, max-age=0, no-store, private'; $headers = array( 'Expires' => 'Wed, 11 Jan 1984 05:00:00 GMT', 'Cache-Control' => $cache_control, ); if ( function_exists( 'apply_filters' ) ) { /** * Filters the cache-controlling HTTP headers that are used to prevent caching. * * @since 2.8.0 * * @see wp_get_nocache_headers() * * @param array $headers Header names and field values. */ $headers = (array) apply_filters( 'nocache_headers', $headers ); } $headers['Last-Modified'] = false; return $headers; } /** * Sets the HTTP headers to prevent caching for the different browsers. * * Different browsers support different nocache headers, so several * headers must be sent so that all of them get the point that no * caching should occur. * * @since 2.0.0 * * @see wp_get_nocache_headers() */ function nocache_headers() { if ( headers_sent() ) { return; } $headers = wp_get_nocache_headers(); unset( $headers['Last-Modified'] ); header_remove( 'Last-Modified' ); foreach ( $headers as $name => $field_value ) { header( "{$name}: {$field_value}" ); } } /** * Sets the HTTP headers for caching for 10 days with JavaScript content type. * * @since 2.1.0 */ function cache_javascript_headers() { $expires_offset = 10 * DAY_IN_SECONDS; header( 'Content-Type: text/javascript; charset=' . get_bloginfo( 'charset' ) ); header( 'Vary: Accept-Encoding' ); // Handle proxies. header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + $expires_offset ) . ' GMT' ); } /** * Retrieves the number of database queries during the WordPress execution. * * @since 2.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @return int Number of database queries. */ function get_num_queries() { global $wpdb; return $wpdb->num_queries; } /** * Determines whether input is yes or no. * * Must be 'y' to be true. * * @since 1.0.0 * * @param string $yn Character string containing either 'y' (yes) or 'n' (no). * @return bool True if 'y', false on anything else. */ function bool_from_yn( $yn ) { return ( 'y' === strtolower( $yn ) ); } /** * Loads the feed template from the use of an action hook. * * If the feed action does not have a hook, then the function will die with a * message telling the visitor that the feed is not valid. * * It is better to only have one hook for each feed. * * @since 2.1.0 * * @global WP_Query $wp_query WordPress Query object. */ function do_feed() { global $wp_query; $feed = get_query_var( 'feed' ); // Remove the pad, if present. $feed = preg_replace( '/^_+/', '', $feed ); if ( '' === $feed || 'feed' === $feed ) { $feed = get_default_feed(); } if ( ! has_action( "do_feed_{$feed}" ) ) { wp_die( __( '<strong>Error:</strong> This is not a valid feed template.' ), '', array( 'response' => 404 ) ); } /** * Fires once the given feed is loaded. * * The dynamic portion of the hook name, `$feed`, refers to the feed template name. * * Possible hook names include: * * - `do_feed_atom` * - `do_feed_rdf` * - `do_feed_rss` * - `do_feed_rss2` * * @since 2.1.0 * @since 4.4.0 The `$feed` parameter was added. * * @param bool $is_comment_feed Whether the feed is a comment feed. * @param string $feed The feed name. */ do_action( "do_feed_{$feed}", $wp_query->is_comment_feed, $feed ); } /** * Loads the RDF RSS 0.91 Feed template. * * @since 2.1.0 * * @see load_template() */ function do_feed_rdf() { load_template( ABSPATH . WPINC . '/feed-rdf.php' ); } /** * Loads the RSS 1.0 Feed Template. * * @since 2.1.0 * * @see load_template() */ function do_feed_rss() { load_template( ABSPATH . WPINC . '/feed-rss.php' ); } /** * Loads either the RSS2 comment feed or the RSS2 posts feed. * * @since 2.1.0 * * @see load_template() * * @param bool $for_comments True for the comment feed, false for normal feed. */ function do_feed_rss2( $for_comments ) { if ( $for_comments ) { load_template( ABSPATH . WPINC . '/feed-rss2-comments.php' ); } else { load_template( ABSPATH . WPINC . '/feed-rss2.php' ); } } /** * Loads either Atom comment feed or Atom posts feed. * * @since 2.1.0 * * @see load_template() * * @param bool $for_comments True for the comment feed, false for normal feed. */ function do_feed_atom( $for_comments ) { if ( $for_comments ) { load_template( ABSPATH . WPINC . '/feed-atom-comments.php' ); } else { load_template( ABSPATH . WPINC . '/feed-atom.php' ); } } /** * Displays the default robots.txt file content. * * @since 2.1.0 * @since 5.3.0 Remove the "Disallow: /" output if search engine visibility is * discouraged in favor of robots meta HTML tag via wp_robots_no_robots() * filter callback. */ function do_robots() { header( 'Content-Type: text/plain; charset=utf-8' ); /** * Fires when displaying the robots.txt file. * * @since 2.1.0 */ do_action( 'do_robotstxt' ); $output = "User-agent: *\n"; $public = (bool) get_option( 'blog_public' ); $site_url = parse_url( site_url() ); $path = ( ! empty( $site_url['path'] ) ) ? $site_url['path'] : ''; $output .= "Disallow: $path/wp-admin/\n"; $output .= "Allow: $path/wp-admin/admin-ajax.php\n"; /** * Filters the robots.txt output. * * @since 3.0.0 * * @param string $output The robots.txt output. * @param bool $public Whether the site is considered "public". */ echo apply_filters( 'robots_txt', $output, $public ); } /** * Displays the favicon.ico file content. * * @since 5.4.0 */ function do_favicon() { /** * Fires when serving the favicon.ico file. * * @since 5.4.0 */ do_action( 'do_faviconico' ); wp_redirect( get_site_icon_url( 32, includes_url( 'images/w-logo-blue-white-bg.png' ) ) ); exit; } /** * Determines whether WordPress is already installed. * * The cache will be checked first. If you have a cache plugin, which saves * the cache values, then this will work. If you use the default WordPress * cache, and the database goes away, then you might have problems. * * Checks for the 'siteurl' option for whether WordPress is installed. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.1.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @return bool Whether the site is already installed. */ function is_blog_installed() { global $wpdb; /* * Check cache first. If options table goes away and we have true * cached, oh well. */ if ( wp_cache_get( 'is_blog_installed' ) ) { return true; } $suppress = $wpdb->suppress_errors(); if ( ! wp_installing() ) { $alloptions = wp_load_alloptions(); } // If siteurl is not set to autoload, check it specifically. if ( ! isset( $alloptions['siteurl'] ) ) { $installed = $wpdb->get_var( "SELECT option_value FROM $wpdb->options WHERE option_name = 'siteurl'" ); } else { $installed = $alloptions['siteurl']; } $wpdb->suppress_errors( $suppress ); $installed = ! empty( $installed ); wp_cache_set( 'is_blog_installed', $installed ); if ( $installed ) { return true; } // If visiting repair.php, return true and let it take over. if ( defined( 'WP_REPAIRING' ) ) { return true; } $suppress = $wpdb->suppress_errors(); /* * Loop over the WP tables. If none exist, then scratch installation is allowed. * If one or more exist, suggest table repair since we got here because the * options table could not be accessed. */ $wp_tables = $wpdb->tables(); foreach ( $wp_tables as $table ) { // The existence of custom user tables shouldn't suggest an unwise state or prevent a clean installation. if ( defined( 'CUSTOM_USER_TABLE' ) && CUSTOM_USER_TABLE === $table ) { continue; } if ( defined( 'CUSTOM_USER_META_TABLE' ) && CUSTOM_USER_META_TABLE === $table ) { continue; } $described_table = $wpdb->get_results( "DESCRIBE $table;" ); if ( ( ! $described_table && empty( $wpdb->last_error ) ) || ( is_array( $described_table ) && 0 === count( $described_table ) ) ) { continue; } // One or more tables exist. This is not good. wp_load_translations_early(); // Die with a DB error. $wpdb->error = sprintf( /* translators: %s: Database repair URL. */ __( 'One or more database tables are unavailable. The database may need to be <a href="%s">repaired</a>.' ), 'maint/repair.php?referrer=is_blog_installed' ); dead_db(); } $wpdb->suppress_errors( $suppress ); wp_cache_set( 'is_blog_installed', false ); return false; } /** * Retrieves URL with nonce added to URL query. * * @since 2.0.4 * * @param string $actionurl URL to add nonce action. * @param int|string $action Optional. Nonce action name. Default -1. * @param string $name Optional. Nonce name. Default '_wpnonce'. * @return string Escaped URL with nonce action added. */ function wp_nonce_url( $actionurl, $action = -1, $name = '_wpnonce' ) { $actionurl = str_replace( '&', '&', $actionurl ); return esc_html( add_query_arg( $name, wp_create_nonce( $action ), $actionurl ) ); } /** * Retrieves or display nonce hidden field for forms. * * The nonce field is used to validate that the contents of the form came from * the location on the current site and not somewhere else. The nonce does not * offer absolute protection, but should protect against most cases. It is very * important to use nonce field in forms. * * The $action and $name are optional, but if you want to have better security, * it is strongly suggested to set those two parameters. It is easier to just * call the function without any parameters, because validation of the nonce * doesn't require any parameters, but since crackers know what the default is * it won't be difficult for them to find a way around your nonce and cause * damage. * * The input name will be whatever $name value you gave. The input value will be * the nonce creation value. * * @since 2.0.4 * * @param int|string $action Optional. Action name. Default -1. * @param string $name Optional. Nonce name. Default '_wpnonce'. * @param bool $referer Optional. Whether to set the referer field for validation. Default true. * @param bool $display Optional. Whether to display or return hidden form field. Default true. * @return string Nonce field HTML markup. */ function wp_nonce_field( $action = -1, $name = '_wpnonce', $referer = true, $display = true ) { $name = esc_attr( $name ); $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />'; if ( $referer ) { $nonce_field .= wp_referer_field( false ); } if ( $display ) { echo $nonce_field; } return $nonce_field; } /** * Retrieves or displays referer hidden field for forms. * * The referer link is the current Request URI from the server super global. The * input name is '_wp_http_referer', in case you wanted to check manually. * * @since 2.0.4 * * @param bool $display Optional. Whether to echo or return the referer field. Default true. * @return string Referer field HTML markup. */ function wp_referer_field( $display = true ) { $request_url = remove_query_arg( '_wp_http_referer' ); $referer_field = '<input type="hidden" name="_wp_http_referer" value="' . esc_url( $request_url ) . '" />'; if ( $display ) { echo $referer_field; } return $referer_field; } /** * Retrieves or displays original referer hidden field for forms. * * The input name is '_wp_original_http_referer' and will be either the same * value of wp_referer_field(), if that was posted already or it will be the * current page, if it doesn't exist. * * @since 2.0.4 * * @param bool $display Optional. Whether to echo the original http referer. Default true. * @param string $jump_back_to Optional. Can be 'previous' or page you want to jump back to. * Default 'current'. * @return string Original referer field. */ function wp_original_referer_field( $display = true, $jump_back_to = 'current' ) { $ref = wp_get_original_referer(); if ( ! $ref ) { $ref = ( 'previous' === $jump_back_to ) ? wp_get_referer() : wp_unslash( $_SERVER['REQUEST_URI'] ); } $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( $ref ) . '" />'; if ( $display ) { echo $orig_referer_field; } return $orig_referer_field; } /** * Retrieves referer from '_wp_http_referer' or HTTP referer. * * If it's the same as the current request URL, will return false. * * @since 2.0.4 * * @return string|false Referer URL on success, false on failure. */ function wp_get_referer() { // Return early if called before wp_validate_redirect() is defined. if ( ! function_exists( 'wp_validate_redirect' ) ) { return false; } $ref = wp_get_raw_referer(); if ( $ref && wp_unslash( $_SERVER['REQUEST_URI'] ) !== $ref && home_url() . wp_unslash( $_SERVER['REQUEST_URI'] ) !== $ref ) { return wp_validate_redirect( $ref, false ); } return false; } /** * Retrieves unvalidated referer from the '_wp_http_referer' URL query variable or the HTTP referer. * * If the value of the '_wp_http_referer' URL query variable is not a string then it will be ignored. * * Do not use for redirects, use wp_get_referer() instead. * * @since 4.5.0 * * @return string|false Referer URL on success, false on failure. */ function wp_get_raw_referer() { if ( ! empty( $_REQUEST['_wp_http_referer'] ) && is_string( $_REQUEST['_wp_http_referer'] ) ) { return wp_unslash( $_REQUEST['_wp_http_referer'] ); } elseif ( ! empty( $_SERVER['HTTP_REFERER'] ) ) { return wp_unslash( $_SERVER['HTTP_REFERER'] ); } return false; } /** * Retrieves original referer that was posted, if it exists. * * @since 2.0.4 * * @return string|false Original referer URL on success, false on failure. */ function wp_get_original_referer() { // Return early if called before wp_validate_redirect() is defined. if ( ! function_exists( 'wp_validate_redirect' ) ) { return false; } if ( ! empty( $_REQUEST['_wp_original_http_referer'] ) ) { return wp_validate_redirect( wp_unslash( $_REQUEST['_wp_original_http_referer'] ), false ); } return false; } /** * Recursive directory creation based on full path. * * Will attempt to set permissions on folders. * * @since 2.0.1 * * @param string $target Full path to attempt to create. * @return bool Whether the path was created. True if path already exists. */ function wp_mkdir_p( $target ) { $wrapper = null; // Strip the protocol. if ( wp_is_stream( $target ) ) { list( $wrapper, $target ) = explode( '://', $target, 2 ); } // From php.net/mkdir user contributed notes. $target = str_replace( '//', '/', $target ); // Put the wrapper back on the target. if ( null !== $wrapper ) { $target = $wrapper . '://' . $target; } /* * Safe mode fails with a trailing slash under certain PHP versions. * Use rtrim() instead of untrailingslashit to avoid formatting.php dependency. */ $target = rtrim( $target, '/' ); if ( empty( $target ) ) { $target = '/'; } if ( file_exists( $target ) ) { return @is_dir( $target ); } // Do not allow path traversals. if ( str_contains( $target, '../' ) || str_contains( $target, '..' . DIRECTORY_SEPARATOR ) ) { return false; } // We need to find the permissions of the parent folder that exists and inherit that. $target_parent = dirname( $target ); while ( '.' !== $target_parent && ! is_dir( $target_parent ) && dirname( $target_parent ) !== $target_parent ) { $target_parent = dirname( $target_parent ); } // Get the permission bits. $stat = @stat( $target_parent ); if ( $stat ) { $dir_perms = $stat['mode'] & 0007777; } else { $dir_perms = 0777; } if ( @mkdir( $target, $dir_perms, true ) ) { /* * If a umask is set that modifies $dir_perms, we'll have to re-set * the $dir_perms correctly with chmod() */ if ( ( $dir_perms & ~umask() ) !== $dir_perms ) { $folder_parts = explode( '/', substr( $target, strlen( $target_parent ) + 1 ) ); for ( $i = 1, $c = count( $folder_parts ); $i <= $c; $i++ ) { chmod( $target_parent . '/' . implode( '/', array_slice( $folder_parts, 0, $i ) ), $dir_perms ); } } return true; } return false; } /** * Tests if a given filesystem path is absolute. * * For example, '/foo/bar', or 'c:\windows'. * * @since 2.5.0 * * @param string $path File path. * @return bool True if path is absolute, false is not absolute. */ function path_is_absolute( $path ) { /* * Check to see if the path is a stream and check to see if its an actual * path or file as realpath() does not support stream wrappers. */ if ( wp_is_stream( $path ) && ( is_dir( $path ) || is_file( $path ) ) ) { return true; } /* * This is definitive if true but fails if $path does not exist or contains * a symbolic link. */ if ( realpath( $path ) === $path ) { return true; } if ( strlen( $path ) === 0 || '.' === $path[0] ) { return false; } // Windows allows absolute paths like this. if ( preg_match( '#^[a-zA-Z]:\\\\#', $path ) ) { return true; } // A path starting with / or \ is absolute; anything else is relative. return ( '/' === $path[0] || '\\' === $path[0] ); } /** * Joins two filesystem paths together. * * For example, 'give me $path relative to $base'. If the $path is absolute, * then it the full path is returned. * * @since 2.5.0 * * @param string $base Base path. * @param string $path Path relative to $base. * @return string The path with the base or absolute path. */ function path_join( $base, $path ) { if ( path_is_absolute( $path ) ) { return $path; } return rtrim( $base, '/' ) . '/' . $path; } /** * Normalizes a filesystem path. * * On windows systems, replaces backslashes with forward slashes * and forces upper-case drive letters. * Allows for two leading slashes for Windows network shares, but * ensures that all other duplicate slashes are reduced to a single. * * @since 3.9.0 * @since 4.4.0 Ensures upper-case drive letters on Windows systems. * @since 4.5.0 Allows for Windows network shares. * @since 4.9.7 Allows for PHP file wrappers. * * @param string $path Path to normalize. * @return string Normalized path. */ function wp_normalize_path( $path ) { $wrapper = ''; if ( wp_is_stream( $path ) ) { list( $wrapper, $path ) = explode( '://', $path, 2 ); $wrapper .= '://'; } // Standardize all paths to use '/'. $path = str_replace( '\\', '/', $path ); // Replace multiple slashes down to a singular, allowing for network shares having two slashes. $path = preg_replace( '|(?<=.)/+|', '/', $path ); // Windows paths should uppercase the drive letter. if ( ':' === substr( $path, 1, 1 ) ) { $path = ucfirst( $path ); } return $wrapper . $path; } /** * Determines a writable directory for temporary files. * * Function's preference is the return value of `sys_get_temp_dir()`, * followed by the `upload_tmp_dir` value from `php.ini`, followed by `WP_CONTENT_DIR`, * before finally defaulting to `/tmp/`. * * Note that `sys_get_temp_dir()` honors the `TMPDIR` environment variable. * * In the event that this function does not find a writable location, * it may be overridden by the `WP_TEMP_DIR` constant in your `wp-config.php` file. * * @since 2.5.0 * * @return string Writable temporary directory. */ function get_temp_dir() { static $temp = ''; if ( defined( 'WP_TEMP_DIR' ) ) { return trailingslashit( WP_TEMP_DIR ); } if ( $temp ) { return trailingslashit( $temp ); } if ( function_exists( 'sys_get_temp_dir' ) ) { $temp = sys_get_temp_dir(); if ( @is_dir( $temp ) && wp_is_writable( $temp ) ) { return trailingslashit( $temp ); } } $temp = ini_get( 'upload_tmp_dir' ); if ( @is_dir( $temp ) && wp_is_writable( $temp ) ) { return trailingslashit( $temp ); } $temp = WP_CONTENT_DIR . '/'; if ( is_dir( $temp ) && wp_is_writable( $temp ) ) { return $temp; } return '/tmp/'; } /** * Determines if a directory is writable. * * This function is used to work around certain ACL issues in PHP primarily * affecting Windows Servers. * * @since 3.6.0 * * @see win_is_writable() * * @param string $path Path to check for write-ability. * @return bool Whether the path is writable. */ function wp_is_writable( $path ) { if ( 'Windows' === PHP_OS_FAMILY ) { return win_is_writable( $path ); } return @is_writable( $path ); } /** * Workaround for Windows bug in is_writable() function * * PHP has issues with Windows ACL's for determine if a * directory is writable or not, this works around them by * checking the ability to open files rather than relying * upon PHP to interpret the OS ACL. * * @since 2.8.0 * * @see https://bugs.php.net/bug.php?id=27609 * @see https://bugs.php.net/bug.php?id=30931 * * @param string $path Windows path to check for write-ability. * @return bool Whether the path is writable. */ function win_is_writable( $path ) { if ( '/' === $path[ strlen( $path ) - 1 ] ) { // If it looks like a directory, check a random file within the directory. return win_is_writable( $path . uniqid( mt_rand() ) . '.tmp' ); } elseif ( is_dir( $path ) ) { // If it's a directory (and not a file), check a random file within the directory. return win_is_writable( $path . '/' . uniqid( mt_rand() ) . '.tmp' ); } // Check tmp file for read/write capabilities. $should_delete_tmp_file = ! file_exists( $path ); $f = @fopen( $path, 'a' ); if ( false === $f ) { return false; } fclose( $f ); if ( $should_delete_tmp_file ) { unlink( $path ); } return true; } /** * Retrieves uploads directory information. * * Same as wp_upload_dir() but "light weight" as it doesn't attempt to create the uploads directory. * Intended for use in themes, when only 'basedir' and 'baseurl' are needed, generally in all cases * when not uploading files. * * @since 4.5.0 * * @see wp_upload_dir() * * @return array See wp_upload_dir() for description. */ function wp_get_upload_dir() { return wp_upload_dir( null, false ); } /** * Returns an array containing the current upload directory's path and URL. * * Checks the 'upload_path' option, which should be from the web root folder, * and if it isn't empty it will be used. If it is empty, then the path will be * 'WP_CONTENT_DIR/uploads'. If the 'UPLOADS' constant is defined, then it will * override the 'upload_path' option and 'WP_CONTENT_DIR/uploads' path. * * The upload URL path is set either by the 'upload_url_path' option or by using * the 'WP_CONTENT_URL' constant and appending '/uploads' to the path. * * If the 'uploads_use_yearmonth_folders' is set to true (checkbox if checked in * the administration settings panel), then the time will be used. The format * will be year first and then month. * * If the path couldn't be created, then an error will be returned with the key * 'error' containing the error message. The error suggests that the parent * directory is not writable by the server. * * @since 2.0.0 * @uses _wp_upload_dir() * * @param string|null $time Optional. Time formatted in 'yyyy/mm'. Default null. * @param bool $create_dir Optional. Whether to check and create the uploads directory. * Default true for backward compatibility. * @param bool $refresh_cache Optional. Whether to refresh the cache. Default false. * @return array { * Array of information about the upload directory. * * @type string $path Base directory and subdirectory or full path to upload directory. * @type string $url Base URL and subdirectory or absolute URL to upload directory. * @type string $subdir Subdirectory if uploads use year/month folders option is on. * @type string $basedir Path without subdir. * @type string $baseurl URL path without subdir. * @type string|false $error False or error message. * } */ function wp_upload_dir( $time = null, $create_dir = true, $refresh_cache = false ) { static $cache = array(), $tested_paths = array(); $key = sprintf( '%d-%s', get_current_blog_id(), (string) $time ); if ( $refresh_cache || empty( $cache[ $key ] ) ) { $cache[ $key ] = _wp_upload_dir( $time ); } /** * Filters the uploads directory data. * * @since 2.0.0 * * @param array $uploads { * Array of information about the upload directory. * * @type string $path Base directory and subdirectory or full path to upload directory. * @type string $url Base URL and subdirectory or absolute URL to upload directory. * @type string $subdir Subdirectory if uploads use year/month folders option is on. * @type string $basedir Path without subdir. * @type string $baseurl URL path without subdir. * @type string|false $error False or error message. * } */ $uploads = apply_filters( 'upload_dir', $cache[ $key ] ); if ( $create_dir ) { $path = $uploads['path']; if ( array_key_exists( $path, $tested_paths ) ) { $uploads['error'] = $tested_paths[ $path ]; } else { if ( ! wp_mkdir_p( $path ) ) { if ( str_starts_with( $uploads['basedir'], ABSPATH ) ) { $error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir']; } else { $error_path = wp_basename( $uploads['basedir'] ) . $uploads['subdir']; } $uploads['error'] = sprintf( /* translators: %s: Directory path. */ __( 'Unable to create directory %s. Is its parent directory writable by the server?' ), esc_html( $error_path ) ); } $tested_paths[ $path ] = $uploads['error']; } } return $uploads; } /** * A non-filtered, non-cached version of wp_upload_dir() that doesn't check the path. * * @since 4.5.0 * @access private * * @param string|null $time Optional. Time formatted in 'yyyy/mm'. Default null. * @return array See wp_upload_dir() */ function _wp_upload_dir( $time = null ) { $siteurl = get_option( 'siteurl' ); $upload_path = trim( get_option( 'upload_path' ) ); if ( empty( $upload_path ) || 'wp-content/uploads' === $upload_path ) { $dir = WP_CONTENT_DIR . '/uploads'; } elseif ( ! str_starts_with( $upload_path, ABSPATH ) ) { // $dir is absolute, $upload_path is (maybe) relative to ABSPATH. $dir = path_join( ABSPATH, $upload_path ); } else { $dir = $upload_path; } $url = get_option( 'upload_url_path' ); if ( ! $url ) { if ( empty( $upload_path ) || ( 'wp-content/uploads' === $upload_path ) || ( $upload_path === $dir ) ) { $url = WP_CONTENT_URL . '/uploads'; } else { $url = trailingslashit( $siteurl ) . $upload_path; } } /* * Honor the value of UPLOADS. This happens as long as ms-files rewriting is disabled. * We also sometimes obey UPLOADS when rewriting is enabled -- see the next block. */ if ( defined( 'UPLOADS' ) && ! ( is_multisite() && get_site_option( 'ms_files_rewriting' ) ) ) { $dir = ABSPATH . UPLOADS; $url = trailingslashit( $siteurl ) . UPLOADS; } // If multisite (and if not the main site in a post-MU network). if ( is_multisite() && ! ( is_main_network() && is_main_site() && defined( 'MULTISITE' ) ) ) { if ( ! get_site_option( 'ms_files_rewriting' ) ) { /* * If ms-files rewriting is disabled (networks created post-3.5), it is fairly * straightforward: Append sites/%d if we're not on the main site (for post-MU * networks). (The extra directory prevents a four-digit ID from conflicting with * a year-based directory for the main site. But if a MU-era network has disabled * ms-files rewriting manually, they don't need the extra directory, as they never * had wp-content/uploads for the main site.) */ if ( defined( 'MULTISITE' ) ) { $ms_dir = '/sites/' . get_current_blog_id(); } else { $ms_dir = '/' . get_current_blog_id(); } $dir .= $ms_dir; $url .= $ms_dir; } elseif ( defined( 'UPLOADS' ) && ! ms_is_switched() ) { /* * Handle the old-form ms-files.php rewriting if the network still has that enabled. * When ms-files rewriting is enabled, then we only listen to UPLOADS when: * 1) We are not on the main site in a post-MU network, as wp-content/uploads is used * there, and * 2) We are not switched, as ms_upload_constants() hardcodes these constants to reflect * the original blog ID. * * Rather than UPLOADS, we actually use BLOGUPLOADDIR if it is set, as it is absolute. * (And it will be set, see ms_upload_constants().) Otherwise, UPLOADS can be used, as * as it is relative to ABSPATH. For the final piece: when UPLOADS is used with ms-files * rewriting in multisite, the resulting URL is /files. (#WP22702 for background.) */ if ( defined( 'BLOGUPLOADDIR' ) ) { $dir = untrailingslashit( BLOGUPLOADDIR ); } else { $dir = ABSPATH . UPLOADS; } $url = trailingslashit( $siteurl ) . 'files'; } } $basedir = $dir; $baseurl = $url; $subdir = ''; if ( get_option( 'uploads_use_yearmonth_folders' ) ) { // Generate the yearly and monthly directories. if ( ! $time ) { $time = current_time( 'mysql' ); } $y = substr( $time, 0, 4 ); $m = substr( $time, 5, 2 ); $subdir = "/$y/$m"; } $dir .= $subdir; $url .= $subdir; return array( 'path' => $dir, 'url' => $url, 'subdir' => $subdir, 'basedir' => $basedir, 'baseurl' => $baseurl, 'error' => false, ); } /** * Gets a filename that is sanitized and unique for the given directory. * * If the filename is not unique, then a number will be added to the filename * before the extension, and will continue adding numbers until the filename * is unique. * * The callback function allows the caller to use their own method to create * unique file names. If defined, the callback should take three arguments: * - directory, base filename, and extension - and return a unique filename. * * @since 2.5.0 * * @param string $dir Directory. * @param string $filename File name. * @param callable $unique_filename_callback Callback. Default null. * @return string New filename, if given wasn't unique. */ function wp_unique_filename( $dir, $filename, $unique_filename_callback = null ) { // Sanitize the file name before we begin processing. $filename = sanitize_file_name( $filename ); $ext2 = null; // Initialize vars used in the wp_unique_filename filter. $number = ''; $alt_filenames = array(); // Separate the filename into a name and extension. $ext = pathinfo( $filename, PATHINFO_EXTENSION ); $name = pathinfo( $filename, PATHINFO_BASENAME ); if ( $ext ) { $ext = '.' . $ext; } // Edge case: if file is named '.ext', treat as an empty name. if ( $name === $ext ) { $name = ''; } /* * Increment the file number until we have a unique file to save in $dir. * Use callback if supplied. */ if ( $unique_filename_callback && is_callable( $unique_filename_callback ) ) { $filename = call_user_func( $unique_filename_callback, $dir, $name, $ext ); } else { $fname = pathinfo( $filename, PATHINFO_FILENAME ); // Always append a number to file names that can potentially match image sub-size file names. if ( $fname && preg_match( '/-(?:\d+x\d+|scaled|rotated)$/', $fname ) ) { $number = 1; // At this point the file name may not be unique. This is tested below and the $number is incremented. $filename = str_replace( "{$fname}{$ext}", "{$fname}-{$number}{$ext}", $filename ); } /* * Get the mime type. Uploaded files were already checked with wp_check_filetype_and_ext() * in _wp_handle_upload(). Using wp_check_filetype() would be sufficient here. */ $file_type = wp_check_filetype( $filename ); $mime_type = $file_type['type']; $is_image = ( ! empty( $mime_type ) && str_starts_with( $mime_type, 'image/' ) ); $upload_dir = wp_get_upload_dir(); $lc_filename = null; $lc_ext = strtolower( $ext ); $_dir = trailingslashit( $dir ); /* * If the extension is uppercase add an alternate file name with lowercase extension. * Both need to be tested for uniqueness as the extension will be changed to lowercase * for better compatibility with different filesystems. Fixes an inconsistency in WP < 2.9 * where uppercase extensions were allowed but image sub-sizes were created with * lowercase extensions. */ if ( $ext && $lc_ext !== $ext ) { $lc_filename = preg_replace( '|' . preg_quote( $ext ) . '$|', $lc_ext, $filename ); } /* * Increment the number added to the file name if there are any files in $dir * whose names match one of the possible name variations. */ while ( file_exists( $_dir . $filename ) || ( $lc_filename && file_exists( $_dir . $lc_filename ) ) ) { $new_number = (int) $number + 1; if ( $lc_filename ) { $lc_filename = str_replace( array( "-{$number}{$lc_ext}", "{$number}{$lc_ext}" ), "-{$new_number}{$lc_ext}", $lc_filename ); } if ( '' === "{$number}{$ext}" ) { $filename = "{$filename}-{$new_number}"; } else { $filename = str_replace( array( "-{$number}{$ext}", "{$number}{$ext}" ), "-{$new_number}{$ext}", $filename ); } $number = $new_number; } // Change the extension to lowercase if needed. if ( $lc_filename ) { $filename = $lc_filename; } /* * Prevent collisions with existing file names that contain dimension-like strings * (whether they are subsizes or originals uploaded prior to #42437). */ $files = array(); $count = 10000; // The (resized) image files would have name and extension, and will be in the uploads dir. if ( $name && $ext && @is_dir( $dir ) && str_contains( $dir, $upload_dir['basedir'] ) ) { /** * Filters the file list used for calculating a unique filename for a newly added file. * * Returning an array from the filter will effectively short-circuit retrieval * from the filesystem and return the passed value instead. * * @since 5.5.0 * * @param array|null $files The list of files to use for filename comparisons. * Default null (to retrieve the list from the filesystem). * @param string $dir The directory for the new file. * @param string $filename The proposed filename for the new file. */ $files = apply_filters( 'pre_wp_unique_filename_file_list', null, $dir, $filename ); if ( null === $files ) { // List of all files and directories contained in $dir. $files = @scandir( $dir ); } if ( ! empty( $files ) ) { // Remove "dot" dirs. $files = array_diff( $files, array( '.', '..' ) ); } if ( ! empty( $files ) ) { $count = count( $files ); /* * Ensure this never goes into infinite loop as it uses pathinfo() and regex in the check, * but string replacement for the changes. */ $i = 0; while ( $i <= $count && _wp_check_existing_file_names( $filename, $files ) ) { $new_number = (int) $number + 1; // If $ext is uppercase it was replaced with the lowercase version after the previous loop. $filename = str_replace( array( "-{$number}{$lc_ext}", "{$number}{$lc_ext}" ), "-{$new_number}{$lc_ext}", $filename ); $number = $new_number; ++$i; } } } /* * Check if an image will be converted after uploading or some existing image sub-size file names may conflict * when regenerated. If yes, ensure the new file name will be unique and will produce unique sub-sizes. */ if ( $is_image ) { $output_formats = wp_get_image_editor_output_format( $_dir . $filename, $mime_type ); $alt_types = array(); if ( ! empty( $output_formats[ $mime_type ] ) ) { // The image will be converted to this format/mime type. $alt_mime_type = $output_formats[ $mime_type ]; // Other types of images whose names may conflict if their sub-sizes are regenerated. $alt_types = array_keys( array_intersect( $output_formats, array( $mime_type, $alt_mime_type ) ) ); $alt_types[] = $alt_mime_type; } elseif ( ! empty( $output_formats ) ) { $alt_types = array_keys( array_intersect( $output_formats, array( $mime_type ) ) ); } // Remove duplicates and the original mime type. It will be added later if needed. $alt_types = array_unique( array_diff( $alt_types, array( $mime_type ) ) ); foreach ( $alt_types as $alt_type ) { $alt_ext = wp_get_default_extension_for_mime_type( $alt_type ); if ( ! $alt_ext ) { continue; } $alt_ext = ".{$alt_ext}"; $alt_filename = preg_replace( '|' . preg_quote( $lc_ext ) . '$|', $alt_ext, $filename ); $alt_filenames[ $alt_ext ] = $alt_filename; } if ( ! empty( $alt_filenames ) ) { /* * Add the original filename. It needs to be checked again * together with the alternate filenames when $number is incremented. */ $alt_filenames[ $lc_ext ] = $filename; // Ensure no infinite loop. $i = 0; while ( $i <= $count && _wp_check_alternate_file_names( $alt_filenames, $_dir, $files ) ) { $new_number = (int) $number + 1; foreach ( $alt_filenames as $alt_ext => $alt_filename ) { $alt_filenames[ $alt_ext ] = str_replace( array( "-{$number}{$alt_ext}", "{$number}{$alt_ext}" ), "-{$new_number}{$alt_ext}", $alt_filename ); } /* * Also update the $number in (the output) $filename. * If the extension was uppercase it was already replaced with the lowercase version. */ $filename = str_replace( array( "-{$number}{$lc_ext}", "{$number}{$lc_ext}" ), "-{$new_number}{$lc_ext}", $filename ); $number = $new_number; ++$i; } } } } /** * Filters the result when generating a unique file name. * * @since 4.5.0 * @since 5.8.1 The `$alt_filenames` and `$number` parameters were added. * * @param string $filename Unique file name. * @param string $ext File extension. Example: ".png". * @param string $dir Directory path. * @param callable|null $unique_filename_callback Callback function that generates the unique file name. * @param string[] $alt_filenames Array of alternate file names that were checked for collisions. * @param int|string $number The highest number that was used to make the file name unique * or an empty string if unused. */ return apply_filters( 'wp_unique_filename', $filename, $ext, $dir, $unique_filename_callback, $alt_filenames, $number ); } /** * Helper function to test if each of an array of file names could conflict with existing files. * * @since 5.8.1 * @access private * * @param string[] $filenames Array of file names to check. * @param string $dir The directory containing the files. * @param array $files An array of existing files in the directory. May be empty. * @return bool True if the tested file name could match an existing file, false otherwise. */ function _wp_check_alternate_file_names( $filenames, $dir, $files ) { foreach ( $filenames as $filename ) { if ( file_exists( $dir . $filename ) ) { return true; } if ( ! empty( $files ) && _wp_check_existing_file_names( $filename, $files ) ) { return true; } } return false; } /** * Helper function to check if a file name could match an existing image sub-size file name. * * @since 5.3.1 * @access private * * @param string $filename The file name to check. * @param array $files An array of existing files in the directory. * @return bool True if the tested file name could match an existing file, false otherwise. */ function _wp_check_existing_file_names( $filename, $files ) { $fname = pathinfo( $filename, PATHINFO_FILENAME ); $ext = pathinfo( $filename, PATHINFO_EXTENSION ); // Edge case, file names like `.ext`. if ( empty( $fname ) ) { return false; } if ( $ext ) { $ext = ".$ext"; } $regex = '/^' . preg_quote( $fname ) . '-(?:\d+x\d+|scaled|rotated)' . preg_quote( $ext ) . '$/i'; foreach ( $files as $file ) { if ( preg_match( $regex, $file ) ) { return true; } } return false; } /** * Creates a file in the upload folder with given content. * * If there is an error, then the key 'error' will exist with the error message. * If success, then the key 'file' will have the unique file path, the 'url' key * will have the link to the new file. and the 'error' key will be set to false. * * This function will not move an uploaded file to the upload folder. It will * create a new file with the content in $bits parameter. If you move the upload * file, read the content of the uploaded file, and then you can give the * filename and content to this function, which will add it to the upload * folder. * * The permissions will be set on the new file automatically by this function. * * @since 2.0.0 * * @param string $name Filename. * @param null|string $deprecated Never used. Set to null. * @param string $bits File content * @param string|null $time Optional. Time formatted in 'yyyy/mm'. Default null. * @return array { * Information about the newly-uploaded file. * * @type string $file Filename of the newly-uploaded file. * @type string $url URL of the uploaded file. * @type string $type File type. * @type string|false $error Error message, if there has been an error. * } */ function wp_upload_bits( $name, $deprecated, $bits, $time = null ) { if ( ! empty( $deprecated ) ) { _deprecated_argument( __FUNCTION__, '2.0.0' ); } if ( empty( $name ) ) { return array( 'error' => __( 'Empty filename' ) ); } $wp_filetype = wp_check_filetype( $name ); if ( ! $wp_filetype['ext'] && ! current_user_can( 'unfiltered_upload' ) ) { return array( 'error' => __( 'Sorry, you are not allowed to upload this file type.' ) ); } $upload = wp_upload_dir( $time ); if ( false !== $upload['error'] ) { return $upload; } /** * Filters whether to treat the upload bits as an error. * * Returning a non-array from the filter will effectively short-circuit preparing the upload bits * and return that value instead. An error message should be returned as a string. * * @since 3.0.0 * * @param array|string $upload_bits_error An array of upload bits data, or error message to return. */ $upload_bits_error = apply_filters( 'wp_upload_bits', array( 'name' => $name, 'bits' => $bits, 'time' => $time, ) ); if ( ! is_array( $upload_bits_error ) ) { $upload['error'] = $upload_bits_error; return $upload; } $filename = wp_unique_filename( $upload['path'], $name ); $new_file = $upload['path'] . "/$filename"; if ( ! wp_mkdir_p( dirname( $new_file ) ) ) { if ( str_starts_with( $upload['basedir'], ABSPATH ) ) { $error_path = str_replace( ABSPATH, '', $upload['basedir'] ) . $upload['subdir']; } else { $error_path = wp_basename( $upload['basedir'] ) . $upload['subdir']; } $message = sprintf( /* translators: %s: Directory path. */ __( 'Unable to create directory %s. Is its parent directory writable by the server?' ), $error_path ); return array( 'error' => $message ); } $ifp = @fopen( $new_file, 'wb' ); if ( ! $ifp ) { return array( /* translators: %s: File name. */ 'error' => sprintf( __( 'Could not write file %s' ), $new_file ), ); } fwrite( $ifp, $bits ); fclose( $ifp ); clearstatcache(); // Set correct file permissions. $stat = @ stat( dirname( $new_file ) ); $perms = $stat['mode'] & 0007777; $perms = $perms & 0000666; chmod( $new_file, $perms ); clearstatcache(); // Compute the URL. $url = $upload['url'] . "/$filename"; if ( is_multisite() ) { clean_dirsize_cache( $new_file ); } /** This filter is documented in wp-admin/includes/file.php */ return apply_filters( 'wp_handle_upload', array( 'file' => $new_file, 'url' => $url, 'type' => $wp_filetype['type'], 'error' => false, ), 'sideload' ); } /** * Retrieves the file type based on the extension name. * * @since 2.5.0 * * @param string $ext The extension to search. * @return string|void The file type, example: audio, video, document, spreadsheet, etc. */ function wp_ext2type( $ext ) { $ext = strtolower( $ext ); $ext2type = wp_get_ext_types(); foreach ( $ext2type as $type => $exts ) { if ( in_array( $ext, $exts, true ) ) { return $type; } } } /** * Returns the first matched extension for the mime type, as mapped from wp_get_mime_types(). * * @since 5.8.1 * * @param string $mime_type The mime type to search. * @return string|false The first matching file extension, or false if no extensions are found * for the given mime type. */ function wp_get_default_extension_for_mime_type( $mime_type ) { $extensions = explode( '|', array_search( $mime_type, wp_get_mime_types(), true ) ); if ( empty( $extensions[0] ) ) { return false; } return $extensions[0]; } /** * Retrieves the file type from the file name. * * You can optionally define the mime array, if needed. * * @since 2.0.4 * * @param string $filename File name or path. * @param string[]|null $mimes Optional. Array of allowed mime types keyed by their file extension regex. * Defaults to the result of get_allowed_mime_types(). * @return array { * Values for the extension and mime type. * * @type string|false $ext File extension, or false if the file doesn't match a mime type. * @type string|false $type File mime type, or false if the file doesn't match a mime type. * } */ function wp_check_filetype( $filename, $mimes = null ) { if ( empty( $mimes ) ) { $mimes = get_allowed_mime_types(); } $type = false; $ext = false; foreach ( $mimes as $ext_preg => $mime_match ) { $ext_preg = '!\.(' . $ext_preg . ')$!i'; if ( preg_match( $ext_preg, $filename, $ext_matches ) ) { $type = $mime_match; $ext = $ext_matches[1]; break; } } return compact( 'ext', 'type' ); } /** * Attempts to determine the real file type of a file. * * If unable to, the file name extension will be used to determine type. * * If it's determined that the extension does not match the file's real type, * then the "proper_filename" value will be set with a proper filename and extension. * * Currently this function only supports renaming images validated via wp_get_image_mime(). * * @since 3.0.0 * * @param string $file Full path to the file. * @param string $filename The name of the file (may differ from $file due to $file being * in a tmp directory). * @param string[]|null $mimes Optional. Array of allowed mime types keyed by their file extension regex. * Defaults to the result of get_allowed_mime_types(). * @return array { * Values for the extension, mime type, and corrected filename. * * @type string|false $ext File extension, or false if the file doesn't match a mime type. * @type string|false $type File mime type, or false if the file doesn't match a mime type. * @type string|false $proper_filename File name with its correct extension, or false if it cannot be determined. * } */ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) { $proper_filename = false; // Do basic extension validation and MIME mapping. $wp_filetype = wp_check_filetype( $filename, $mimes ); $ext = $wp_filetype['ext']; $type = $wp_filetype['type']; // We can't do any further validation without a file to work with. if ( ! file_exists( $file ) ) { return compact( 'ext', 'type', 'proper_filename' ); } $real_mime = false; // Validate image types. if ( $type && str_starts_with( $type, 'image/' ) ) { // Attempt to figure out what type of image it actually is. $real_mime = wp_get_image_mime( $file ); $heic_images_extensions = array( 'heif', 'heics', 'heifs', ); if ( $real_mime && ( $real_mime !== $type || in_array( $ext, $heic_images_extensions, true ) ) ) { /** * Filters the list mapping image mime types to their respective extensions. * * @since 3.0.0 * * @param array $mime_to_ext Array of image mime types and their matching extensions. */ $mime_to_ext = apply_filters( 'getimagesize_mimes_to_exts', array( 'image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif', 'image/bmp' => 'bmp', 'image/tiff' => 'tif', 'image/webp' => 'webp', 'image/avif' => 'avif', /* * In theory there are/should be file extensions that correspond to the * mime types: .heif, .heics and .heifs. However it seems that HEIC images * with any of the mime types commonly have a .heic file extension. * Seems keeping the status quo here is best for compatibility. */ 'image/heic' => 'heic', 'image/heif' => 'heic', 'image/heic-sequence' => 'heic', 'image/heif-sequence' => 'heic', ) ); // Replace whatever is after the last period in the filename with the correct extension. if ( ! empty( $mime_to_ext[ $real_mime ] ) ) { $filename_parts = explode( '.', $filename ); array_pop( $filename_parts ); $filename_parts[] = $mime_to_ext[ $real_mime ]; $new_filename = implode( '.', $filename_parts ); if ( $new_filename !== $filename ) { $proper_filename = $new_filename; // Mark that it changed. } // Redefine the extension / MIME. $wp_filetype = wp_check_filetype( $new_filename, $mimes ); $ext = $wp_filetype['ext']; $type = $wp_filetype['type']; } else { // Reset $real_mime and try validating again. $real_mime = false; } } } // Validate files that didn't get validated during previous checks. if ( $type && ! $real_mime && extension_loaded( 'fileinfo' ) ) { $finfo = finfo_open( FILEINFO_MIME_TYPE ); $real_mime = finfo_file( $finfo, $file ); if ( PHP_VERSION_ID < 80100 ) { // finfo_close() has no effect as of PHP 8.1. finfo_close( $finfo ); } $google_docs_types = array( 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', ); foreach ( $google_docs_types as $google_docs_type ) { /* * finfo_file() can return duplicate mime type for Google docs, * this conditional reduces it to a single instance. * * @see https://bugs.php.net/bug.php?id=77784 * @see https://core.trac.wordpress.org/ticket/57898 */ if ( 2 === substr_count( $real_mime, $google_docs_type ) ) { $real_mime = $google_docs_type; } } // fileinfo often misidentifies obscure files as one of these types. $nonspecific_types = array( 'application/octet-stream', 'application/encrypted', 'application/CDFV2-encrypted', 'application/zip', ); /* * If $real_mime doesn't match the content type we're expecting from the file's extension, * we need to do some additional vetting. Media types and those listed in $nonspecific_types are * allowed some leeway, but anything else must exactly match the real content type. */ if ( in_array( $real_mime, $nonspecific_types, true ) ) { // File is a non-specific binary type. That's ok if it's a type that generally tends to be binary. if ( ! in_array( substr( $type, 0, strcspn( $type, '/' ) ), array( 'application', 'video', 'audio' ), true ) ) { $type = false; $ext = false; } } elseif ( str_starts_with( $real_mime, 'video/' ) || str_starts_with( $real_mime, 'audio/' ) ) { /* * For these types, only the major type must match the real value. * This means that common mismatches are forgiven: application/vnd.apple.numbers is often misidentified as application/zip, * and some media files are commonly named with the wrong extension (.mov instead of .mp4) */ if ( substr( $real_mime, 0, strcspn( $real_mime, '/' ) ) !== substr( $type, 0, strcspn( $type, '/' ) ) ) { $type = false; $ext = false; } } elseif ( 'text/plain' === $real_mime ) { // A few common file types are occasionally detected as text/plain; allow those. if ( ! in_array( $type, array( 'text/plain', 'text/csv', 'application/csv', 'text/richtext', 'text/tsv', 'text/vtt', ), true ) ) { $type = false; $ext = false; } } elseif ( 'application/csv' === $real_mime ) { // Special casing for CSV files. if ( ! in_array( $type, array( 'text/csv', 'text/plain', 'application/csv', ), true ) ) { $type = false; $ext = false; } } elseif ( 'text/rtf' === $real_mime ) { // Special casing for RTF files. if ( ! in_array( $type, array( 'text/rtf', 'text/plain', 'application/rtf', ), true ) ) { $type = false; $ext = false; } } else { if ( $type !== $real_mime ) { /* * Everything else including image/* and application/*: * If the real content type doesn't match the file extension, assume it's dangerous. */ $type = false; $ext = false; } } } // The mime type must be allowed. if ( $type ) { $allowed = get_allowed_mime_types(); if ( ! in_array( $type, $allowed, true ) ) { $type = false; $ext = false; } } /** * Filters the "real" file type of the given file. * * @since 3.0.0 * @since 5.1.0 The $real_mime parameter was added. * * @param array $wp_check_filetype_and_ext { * Values for the extension, mime type, and corrected filename. * * @type string|false $ext File extension, or false if the file doesn't match a mime type. * @type string|false $type File mime type, or false if the file doesn't match a mime type. * @type string|false $proper_filename File name with its correct extension, or false if it cannot be determined. * } * @param string $file Full path to the file. * @param string $filename The name of the file (may differ from $file due to * $file being in a tmp directory). * @param string[]|null $mimes Array of mime types keyed by their file extension regex, or null if * none were provided. * @param string|false $real_mime The actual mime type or false if the type cannot be determined. */ return apply_filters( 'wp_check_filetype_and_ext', compact( 'ext', 'type', 'proper_filename' ), $file, $filename, $mimes, $real_mime ); } /** * Returns the real mime type of an image file. * * This depends on exif_imagetype() or getimagesize() to determine real mime types. * * @since 4.7.1 * @since 5.8.0 Added support for WebP images. * @since 6.5.0 Added support for AVIF images. * @since 6.7.0 Added support for HEIC images. * * @param string $file Full path to the file. * @return string|false The actual mime type or false if the type cannot be determined. */ function wp_get_image_mime( $file ) { /* * Use exif_imagetype() to check the mimetype if available or fall back to * getimagesize() if exif isn't available. If either function throws an Exception * we assume the file could not be validated. */ try { if ( is_callable( 'exif_imagetype' ) ) { $imagetype = exif_imagetype( $file ); $mime = ( $imagetype ) ? image_type_to_mime_type( $imagetype ) : false; } elseif ( function_exists( 'getimagesize' ) ) { // Don't silence errors when in debug mode, unless running unit tests. if ( defined( 'WP_DEBUG' ) && WP_DEBUG && ! defined( 'WP_RUN_CORE_TESTS' ) ) { // Not using wp_getimagesize() here to avoid an infinite loop. $imagesize = getimagesize( $file ); } else { $imagesize = @getimagesize( $file ); } $mime = ( isset( $imagesize['mime'] ) ) ? $imagesize['mime'] : false; } else { $mime = false; } if ( false !== $mime ) { return $mime; } $magic = file_get_contents( $file, false, null, 0, 12 ); if ( false === $magic ) { return false; } /* * Add WebP fallback detection when image library doesn't support WebP. * Note: detection values come from LibWebP, see * https://github.com/webmproject/libwebp/blob/master/imageio/image_dec.c#L30 */ $magic = bin2hex( $magic ); if ( // RIFF. ( str_starts_with( $magic, '52494646' ) ) && // WEBP. ( 16 === strpos( $magic, '57454250' ) ) ) { $mime = 'image/webp'; } /** * Add AVIF fallback detection when image library doesn't support AVIF. * * Detection based on section 4.3.1 File-type box definition of the ISO/IEC 14496-12 * specification and the AV1-AVIF spec, see https://aomediacodec.github.io/av1-avif/v1.1.0.html#brands. */ // Divide the header string into 4 byte groups. $magic = str_split( $magic, 8 ); if ( isset( $magic[1] ) && isset( $magic[2] ) && 'ftyp' === hex2bin( $magic[1] ) ) { if ( 'avif' === hex2bin( $magic[2] ) || 'avis' === hex2bin( $magic[2] ) ) { $mime = 'image/avif'; } elseif ( 'heic' === hex2bin( $magic[2] ) ) { $mime = 'image/heic'; } elseif ( 'heif' === hex2bin( $magic[2] ) ) { $mime = 'image/heif'; } else { /* * HEIC/HEIF images and image sequences/animations may have other strings here * like mif1, msf1, etc. For now fall back to using finfo_file() to detect these. */ if ( extension_loaded( 'fileinfo' ) ) { $fileinfo = finfo_open( FILEINFO_MIME_TYPE ); $mime_type = finfo_file( $fileinfo, $file ); if ( PHP_VERSION_ID < 80100 ) { // finfo_close() has no effect as of PHP 8.1. finfo_close( $fileinfo ); } if ( wp_is_heic_image_mime_type( $mime_type ) ) { $mime = $mime_type; } } } } } catch ( Exception $e ) { $mime = false; } return $mime; } /** * Retrieves the list of mime types and file extensions. * * @since 3.5.0 * @since 4.2.0 Support was added for GIMP (.xcf) files. * @since 4.9.2 Support was added for Flac (.flac) files. * @since 4.9.6 Support was added for AAC (.aac) files. * @since 6.8.0 Support was added for `audio/x-wav`. * * @return string[] Array of mime types keyed by the file extension regex corresponding to those types. */ function wp_get_mime_types() { /** * Filters the list of mime types and file extensions. * * This filter should be used to add, not remove, mime types. To remove * mime types, use the {@see 'upload_mimes'} filter. * * @since 3.5.0 * * @param string[] $wp_get_mime_types Mime types keyed by the file extension regex * corresponding to those types. */ return apply_filters( 'mime_types', array( // Image formats. 'jpg|jpeg|jpe' => 'image/jpeg', 'gif' => 'image/gif', 'png' => 'image/png', 'bmp' => 'image/bmp', 'tiff|tif' => 'image/tiff', 'webp' => 'image/webp', 'avif' => 'image/avif', 'ico' => 'image/x-icon', // TODO: Needs improvement. All images with the following mime types seem to have .heic file extension. 'heic' => 'image/heic', 'heif' => 'image/heif', 'heics' => 'image/heic-sequence', 'heifs' => 'image/heif-sequence', // Video formats. 'asf|asx' => 'video/x-ms-asf', 'wmv' => 'video/x-ms-wmv', 'wmx' => 'video/x-ms-wmx', 'wm' => 'video/x-ms-wm', 'avi' => 'video/avi', 'divx' => 'video/divx', 'flv' => 'video/x-flv', 'mov|qt' => 'video/quicktime', 'mpeg|mpg|mpe' => 'video/mpeg', 'mp4|m4v' => 'video/mp4', 'ogv' => 'video/ogg', 'webm' => 'video/webm', 'mkv' => 'video/x-matroska', '3gp|3gpp' => 'video/3gpp', // Can also be audio. '3g2|3gp2' => 'video/3gpp2', // Can also be audio. // Text formats. 'txt|asc|c|cc|h|srt' => 'text/plain', 'csv' => 'text/csv', 'tsv' => 'text/tab-separated-values', 'ics' => 'text/calendar', 'rtx' => 'text/richtext', 'css' => 'text/css', 'htm|html' => 'text/html', 'vtt' => 'text/vtt', 'dfxp' => 'application/ttaf+xml', // Audio formats. 'mp3|m4a|m4b' => 'audio/mpeg', 'aac' => 'audio/aac', 'ra|ram' => 'audio/x-realaudio', 'wav|x-wav' => 'audio/wav', 'ogg|oga' => 'audio/ogg', 'flac' => 'audio/flac', 'mid|midi' => 'audio/midi', 'wma' => 'audio/x-ms-wma', 'wax' => 'audio/x-ms-wax', 'mka' => 'audio/x-matroska', // Misc application formats. 'rtf' => 'application/rtf', 'js' => 'application/javascript', 'pdf' => 'application/pdf', 'swf' => 'application/x-shockwave-flash', 'class' => 'application/java', 'tar' => 'application/x-tar', 'zip' => 'application/zip', 'gz|gzip' => 'application/x-gzip', 'rar' => 'application/rar', '7z' => 'application/x-7z-compressed', 'exe' => 'application/x-msdownload', 'psd' => 'application/octet-stream', 'xcf' => 'application/octet-stream', // MS Office formats. 'doc' => 'application/msword', 'pot|pps|ppt' => 'application/vnd.ms-powerpoint', 'wri' => 'application/vnd.ms-write', 'xla|xls|xlt|xlw' => 'application/vnd.ms-excel', 'mdb' => 'application/vnd.ms-access', 'mpp' => 'application/vnd.ms-project', 'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'docm' => 'application/vnd.ms-word.document.macroEnabled.12', 'dotx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.template', 'dotm' => 'application/vnd.ms-word.template.macroEnabled.12', 'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'xlsm' => 'application/vnd.ms-excel.sheet.macroEnabled.12', 'xlsb' => 'application/vnd.ms-excel.sheet.binary.macroEnabled.12', 'xltx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.template', 'xltm' => 'application/vnd.ms-excel.template.macroEnabled.12', 'xlam' => 'application/vnd.ms-excel.addin.macroEnabled.12', 'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation', 'pptm' => 'application/vnd.ms-powerpoint.presentation.macroEnabled.12', 'ppsx' => 'application/vnd.openxmlformats-officedocument.presentationml.slideshow', 'ppsm' => 'application/vnd.ms-powerpoint.slideshow.macroEnabled.12', 'potx' => 'application/vnd.openxmlformats-officedocument.presentationml.template', 'potm' => 'application/vnd.ms-powerpoint.template.macroEnabled.12', 'ppam' => 'application/vnd.ms-powerpoint.addin.macroEnabled.12', 'sldx' => 'application/vnd.openxmlformats-officedocument.presentationml.slide', 'sldm' => 'application/vnd.ms-powerpoint.slide.macroEnabled.12', 'onetoc|onetoc2|onetmp|onepkg' => 'application/onenote', 'oxps' => 'application/oxps', 'xps' => 'application/vnd.ms-xpsdocument', // OpenOffice formats. 'odt' => 'application/vnd.oasis.opendocument.text', 'odp' => 'application/vnd.oasis.opendocument.presentation', 'ods' => 'application/vnd.oasis.opendocument.spreadsheet', 'odg' => 'application/vnd.oasis.opendocument.graphics', 'odc' => 'application/vnd.oasis.opendocument.chart', 'odb' => 'application/vnd.oasis.opendocument.database', 'odf' => 'application/vnd.oasis.opendocument.formula', // WordPerfect formats. 'wp|wpd' => 'application/wordperfect', // iWork formats. 'key' => 'application/vnd.apple.keynote', 'numbers' => 'application/vnd.apple.numbers', 'pages' => 'application/vnd.apple.pages', ) ); } /** * Retrieves the list of common file extensions and their types. * * @since 4.6.0 * * @return array[] Multi-dimensional array of file extensions types keyed by the type of file. */ function wp_get_ext_types() { /** * Filters file type based on the extension name. * * @since 2.5.0 * * @see wp_ext2type() * * @param array[] $ext2type Multi-dimensional array of file extensions types keyed by the type of file. */ return apply_filters( 'ext2type', array( 'image' => array( 'jpg', 'jpeg', 'jpe', 'gif', 'png', 'bmp', 'tif', 'tiff', 'ico', 'heic', 'heif', 'webp', 'avif' ), 'audio' => array( 'aac', 'ac3', 'aif', 'aiff', 'flac', 'm3a', 'm4a', 'm4b', 'mka', 'mp1', 'mp2', 'mp3', 'ogg', 'oga', 'ram', 'wav', 'wma' ), 'video' => array( '3g2', '3gp', '3gpp', 'asf', 'avi', 'divx', 'dv', 'flv', 'm4v', 'mkv', 'mov', 'mp4', 'mpeg', 'mpg', 'mpv', 'ogm', 'ogv', 'qt', 'rm', 'vob', 'wmv' ), 'document' => array( 'doc', 'docx', 'docm', 'dotm', 'odt', 'pages', 'pdf', 'xps', 'oxps', 'rtf', 'wp', 'wpd', 'psd', 'xcf' ), 'spreadsheet' => array( 'numbers', 'ods', 'xls', 'xlsx', 'xlsm', 'xlsb' ), 'interactive' => array( 'swf', 'key', 'ppt', 'pptx', 'pptm', 'pps', 'ppsx', 'ppsm', 'sldx', 'sldm', 'odp' ), 'text' => array( 'asc', 'csv', 'tsv', 'txt' ), 'archive' => array( 'bz2', 'cab', 'dmg', 'gz', 'rar', 'sea', 'sit', 'sqx', 'tar', 'tgz', 'zip', '7z' ), 'code' => array( 'css', 'htm', 'html', 'php', 'js' ), ) ); } /** * Wrapper for PHP filesize with filters and casting the result as an integer. * * @since 6.0.0 * * @link https://www.php.net/manual/en/function.filesize.php * * @param string $path Path to the file. * @return int The size of the file in bytes, or 0 in the event of an error. */ function wp_filesize( $path ) { /** * Filters the result of wp_filesize before the PHP function is run. * * @since 6.0.0 * * @param null|int $size The unfiltered value. Returning an int from the callback bypasses the filesize call. * @param string $path Path to the file. */ $size = apply_filters( 'pre_wp_filesize', null, $path ); if ( is_int( $size ) ) { return $size; } $size = file_exists( $path ) ? (int) filesize( $path ) : 0; /** * Filters the size of the file. * * @since 6.0.0 * * @param int $size The result of PHP filesize on the file. * @param string $path Path to the file. */ return (int) apply_filters( 'wp_filesize', $size, $path ); } /** * Retrieves the list of allowed mime types and file extensions. * * @since 2.8.6 * * @param int|WP_User $user Optional. User to check. Defaults to current user. * @return string[] Array of mime types keyed by the file extension regex corresponding * to those types. */ function get_allowed_mime_types( $user = null ) { $t = wp_get_mime_types(); unset( $t['swf'], $t['exe'] ); if ( function_exists( 'current_user_can' ) ) { $unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' ); } if ( empty( $unfiltered ) ) { unset( $t['htm|html'], $t['js'] ); } /** * Filters the list of allowed mime types and file extensions. * * @since 2.0.0 * * @param array $t Mime types keyed by the file extension regex corresponding to those types. * @param int|WP_User|null $user User ID, User object or null if not provided (indicates current user). */ return apply_filters( 'upload_mimes', $t, $user ); } /** * Displays "Are You Sure" message to confirm the action being taken. * * If the action has the nonce explain message, then it will be displayed * along with the "Are you sure?" message. * * @since 2.0.4 * * @param string $action The nonce action. */ function wp_nonce_ays( $action ) { // Default title and response code. $title = __( 'An error occurred.' ); $response_code = 403; if ( 'log-out' === $action ) { $title = sprintf( /* translators: %s: Site title. */ __( 'You are attempting to log out of %s' ), get_bloginfo( 'name' ) ); $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; $html = $title; $html .= '</p><p>'; $html .= sprintf( /* translators: %s: Logout URL. */ __( 'Do you really want to <a href="%s">log out</a>?' ), wp_logout_url( $redirect_to ) ); } else { $html = __( 'The link you followed has expired.' ); if ( wp_get_referer() ) { $wp_http_referer = remove_query_arg( 'updated', wp_get_referer() ); $wp_http_referer = wp_validate_redirect( sanitize_url( $wp_http_referer ) ); $html .= '</p><p>'; $html .= sprintf( '<a href="%s">%s</a>', esc_url( $wp_http_referer ), __( 'Please try again.' ) ); } } wp_die( $html, $title, $response_code ); } /** * Kills WordPress execution and displays HTML page with an error message. * * This function complements the `die()` PHP function. The difference is that * HTML will be displayed to the user. It is recommended to use this function * only when the execution should not continue any further. It is not recommended * to call this function very often, and try to handle as many errors as possible * silently or more gracefully. * * As a shorthand, the desired HTTP response code may be passed as an integer to * the `$title` parameter (the default title would apply) or the `$args` parameter. * * @since 2.0.4 * @since 4.1.0 The `$title` and `$args` parameters were changed to optionally accept * an integer to be used as the response code. * @since 5.1.0 The `$link_url`, `$link_text`, and `$exit` arguments were added. * @since 5.3.0 The `$charset` argument was added. * @since 5.5.0 The `$text_direction` argument has a priority over get_language_attributes() * in the default handler. * * @global WP_Query $wp_query WordPress Query object. * * @param string|WP_Error $message Optional. Error message. If this is a WP_Error object, * and not an Ajax or XML-RPC request, the error's messages are used. * Default empty string. * @param string|int $title Optional. Error title. If `$message` is a `WP_Error` object, * error data with the key 'title' may be used to specify the title. * If `$title` is an integer, then it is treated as the response code. * Default empty string. * @param string|array|int $args { * Optional. Arguments to control behavior. If `$args` is an integer, then it is treated * as the response code. Default empty array. * * @type int $response The HTTP response code. Default 200 for Ajax requests, 500 otherwise. * @type string $link_url A URL to include a link to. Only works in combination with $link_text. * Default empty string. * @type string $link_text A label for the link to include. Only works in combination with $link_url. * Default empty string. * @type bool $back_link Whether to include a link to go back. Default false. * @type string $text_direction The text direction. This is only useful internally, when WordPress is still * loading and the site's locale is not set up yet. Accepts 'rtl' and 'ltr'. * Default is the value of is_rtl(). * @type string $charset Character set of the HTML output. Default 'utf-8'. * @type string $code Error code to use. Default is 'wp_die', or the main error code if $message * is a WP_Error. * @type bool $exit Whether to exit the process after completion. Default true. * } */ function wp_die( $message = '', $title = '', $args = array() ) { global $wp_query; if ( is_int( $args ) ) { $args = array( 'response' => $args ); } elseif ( is_int( $title ) ) { $args = array( 'response' => $title ); $title = ''; } if ( wp_doing_ajax() ) { /** * Filters the callback for killing WordPress execution for Ajax requests. * * @since 3.4.0 * * @param callable $callback Callback function name. */ $callback = apply_filters( 'wp_die_ajax_handler', '_ajax_wp_die_handler' ); } elseif ( wp_is_json_request() ) { /** * Filters the callback for killing WordPress execution for JSON requests. * * @since 5.1.0 * * @param callable $callback Callback function name. */ $callback = apply_filters( 'wp_die_json_handler', '_json_wp_die_handler' ); } elseif ( wp_is_serving_rest_request() && wp_is_jsonp_request() ) { /** * Filters the callback for killing WordPress execution for JSONP REST requests. * * @since 5.2.0 * * @param callable $callback Callback function name. */ $callback = apply_filters( 'wp_die_jsonp_handler', '_jsonp_wp_die_handler' ); } elseif ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) { /** * Filters the callback for killing WordPress execution for XML-RPC requests. * * @since 3.4.0 * * @param callable $callback Callback function name. */ $callback = apply_filters( 'wp_die_xmlrpc_handler', '_xmlrpc_wp_die_handler' ); } elseif ( wp_is_xml_request() || isset( $wp_query ) && ( function_exists( 'is_feed' ) && is_feed() || function_exists( 'is_comment_feed' ) && is_comment_feed() || function_exists( 'is_trackback' ) && is_trackback() ) ) { /** * Filters the callback for killing WordPress execution for XML requests. * * @since 5.2.0 * * @param callable $callback Callback function name. */ $callback = apply_filters( 'wp_die_xml_handler', '_xml_wp_die_handler' ); } else { /** * Filters the callback for killing WordPress execution for all non-Ajax, non-JSON, non-XML requests. * * @since 3.0.0 * * @param callable $callback Callback function name. */ $callback = apply_filters( 'wp_die_handler', '_default_wp_die_handler' ); } call_user_func( $callback, $message, $title, $args ); } /** * Kills WordPress execution and displays HTML page with an error message. * * This is the default handler for wp_die(). If you want a custom one, * you can override this using the {@see 'wp_die_handler'} filter in wp_die(). * * @since 3.0.0 * @access private * * @param string|WP_Error $message Error message or WP_Error object. * @param string $title Optional. Error title. Default empty string. * @param string|array $args Optional. Arguments to control behavior. Default empty array. */ function _default_wp_die_handler( $message, $title = '', $args = array() ) { list( $message, $title, $parsed_args ) = _wp_die_process_input( $message, $title, $args ); if ( is_string( $message ) ) { if ( ! empty( $parsed_args['additional_errors'] ) ) { $message = array_merge( array( $message ), wp_list_pluck( $parsed_args['additional_errors'], 'message' ) ); $message = "<ul>\n\t\t<li>" . implode( "</li>\n\t\t<li>", $message ) . "</li>\n\t</ul>"; } $message = sprintf( '<div class="wp-die-message">%s</div>', $message ); } $have_gettext = function_exists( '__' ); if ( ! empty( $parsed_args['link_url'] ) && ! empty( $parsed_args['link_text'] ) ) { $link_url = $parsed_args['link_url']; if ( function_exists( 'esc_url' ) ) { $link_url = esc_url( $link_url ); } $link_text = $parsed_args['link_text']; $message .= "\n<p><a href='{$link_url}'>{$link_text}</a></p>"; } if ( isset( $parsed_args['back_link'] ) && $parsed_args['back_link'] ) { $back_text = $have_gettext ? __( '« Back' ) : '« Back'; $message .= "\n<p><a href='javascript:history.back()'>$back_text</a></p>"; } if ( ! did_action( 'admin_head' ) ) : if ( ! headers_sent() ) { header( "Content-Type: text/html; charset={$parsed_args['charset']}" ); status_header( $parsed_args['response'] ); nocache_headers(); } $text_direction = $parsed_args['text_direction']; $dir_attr = "dir='$text_direction'"; /* * If `text_direction` was not explicitly passed, * use get_language_attributes() if available. */ if ( empty( $args['text_direction'] ) && function_exists( 'language_attributes' ) && function_exists( 'is_rtl' ) ) { $dir_attr = get_language_attributes(); } ?> <!DOCTYPE html> <html <?php echo $dir_attr; ?>> <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo $parsed_args['charset']; ?>" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <?php if ( function_exists( 'wp_robots' ) && function_exists( 'wp_robots_no_robots' ) && function_exists( 'add_filter' ) ) { add_filter( 'wp_robots', 'wp_robots_no_robots' ); // Prevent warnings because of $wp_query not existing. remove_filter( 'wp_robots', 'wp_robots_noindex_embeds' ); remove_filter( 'wp_robots', 'wp_robots_noindex_search' ); wp_robots(); } ?> <title><?php echo $title; ?></title> <style type="text/css"> html { background: #f1f1f1; } body { background: #fff; border: 1px solid #ccd0d4; color: #444; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif; margin: 2em auto; padding: 1em 2em; max-width: 700px; -webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .04); box-shadow: 0 1px 1px rgba(0, 0, 0, .04); } h1 { border-bottom: 1px solid #dadada; clear: both; color: #666; font-size: 24px; margin: 30px 0 0 0; padding: 0; padding-bottom: 7px; } #error-page { margin-top: 50px; } #error-page p, #error-page .wp-die-message { font-size: 14px; line-height: 1.5; margin: 25px 0 20px; } #error-page code { font-family: Consolas, Monaco, monospace; } ul li { margin-bottom: 10px; font-size: 14px ; } a { color: #2271b1; } a:hover, a:active { color: #135e96; } a:focus { color: #043959; box-shadow: 0 0 0 2px #2271b1; outline: 2px solid transparent; } .button { background: #f3f5f6; border: 1px solid #016087; color: #016087; display: inline-block; text-decoration: none; font-size: 13px; line-height: 2; height: 28px; margin: 0; padding: 0 10px 1px; cursor: pointer; -webkit-border-radius: 3px; -webkit-appearance: none; border-radius: 3px; white-space: nowrap; -webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box; vertical-align: top; } .button.button-large { line-height: 2.30769231; min-height: 32px; padding: 0 12px; } .button:hover, .button:focus { background: #f1f1f1; } .button:focus { background: #f3f5f6; border-color: #007cba; -webkit-box-shadow: 0 0 0 1px #007cba; box-shadow: 0 0 0 1px #007cba; color: #016087; outline: 2px solid transparent; outline-offset: 0; } .button:active { background: #f3f5f6; border-color: #7e8993; -webkit-box-shadow: none; box-shadow: none; } <?php if ( 'rtl' === $text_direction ) { echo 'body { font-family: Tahoma, Arial; }'; } ?> </style> </head> <body id="error-page"> <?php endif; // ! did_action( 'admin_head' ) ?> <?php echo $message; ?> </body> </html> <?php if ( $parsed_args['exit'] ) { die(); } } /** * Kills WordPress execution and displays Ajax response with an error message. * * This is the handler for wp_die() when processing Ajax requests. * * @since 3.4.0 * @access private * * @param string $message Error message. * @param string $title Optional. Error title (unused). Default empty string. * @param string|array $args Optional. Arguments to control behavior. Default empty array. */ function _ajax_wp_die_handler( $message, $title = '', $args = array() ) { // Set default 'response' to 200 for Ajax requests. $args = wp_parse_args( $args, array( 'response' => 200 ) ); list( $message, $title, $parsed_args ) = _wp_die_process_input( $message, $title, $args ); if ( ! headers_sent() ) { // This is intentional. For backward-compatibility, support passing null here. if ( null !== $args['response'] ) { status_header( $parsed_args['response'] ); } nocache_headers(); } if ( is_scalar( $message ) ) { $message = (string) $message; } else { $message = '0'; } if ( $parsed_args['exit'] ) { die( $message ); } echo $message; } /** * Kills WordPress execution and displays JSON response with an error message. * * This is the handler for wp_die() when processing JSON requests. * * @since 5.1.0 * @access private * * @param string $message Error message. * @param string $title Optional. Error title. Default empty string. * @param string|array $args Optional. Arguments to control behavior. Default empty array. */ function _json_wp_die_handler( $message, $title = '', $args = array() ) { list( $message, $title, $parsed_args ) = _wp_die_process_input( $message, $title, $args ); $data = array( 'code' => $parsed_args['code'], 'message' => $message, 'data' => array( 'status' => $parsed_args['response'], ), 'additional_errors' => $parsed_args['additional_errors'], ); if ( isset( $parsed_args['error_data'] ) ) { $data['data']['error'] = $parsed_args['error_data']; } if ( ! headers_sent() ) { header( "Content-Type: application/json; charset={$parsed_args['charset']}" ); if ( null !== $parsed_args['response'] ) { status_header( $parsed_args['response'] ); } nocache_headers(); } echo wp_json_encode( $data ); if ( $parsed_args['exit'] ) { die(); } } /** * Kills WordPress execution and displays JSONP response with an error message. * * This is the handler for wp_die() when processing JSONP requests. * * @since 5.2.0 * @access private * * @param string $message Error message. * @param string $title Optional. Error title. Default empty string. * @param string|array $args Optional. Arguments to control behavior. Default empty array. */ function _jsonp_wp_die_handler( $message, $title = '', $args = array() ) { list( $message, $title, $parsed_args ) = _wp_die_process_input( $message, $title, $args ); $data = array( 'code' => $parsed_args['code'], 'message' => $message, 'data' => array( 'status' => $parsed_args['response'], ), 'additional_errors' => $parsed_args['additional_errors'], ); if ( isset( $parsed_args['error_data'] ) ) { $data['data']['error'] = $parsed_args['error_data']; } if ( ! headers_sent() ) { header( "Content-Type: application/javascript; charset={$parsed_args['charset']}" ); header( 'X-Content-Type-Options: nosniff' ); header( 'X-Robots-Tag: noindex' ); if ( null !== $parsed_args['response'] ) { status_header( $parsed_args['response'] ); } nocache_headers(); } $result = wp_json_encode( $data ); $jsonp_callback = $_GET['_jsonp']; echo '/**/' . $jsonp_callback . '(' . $result . ')'; if ( $parsed_args['exit'] ) { die(); } } /** * Kills WordPress execution and displays XML response with an error message. * * This is the handler for wp_die() when processing XML-RPC requests. * * @since 3.2.0 * @access private * * @global wp_xmlrpc_server $wp_xmlrpc_server * * @param string $message Error message. * @param string $title Optional. Error title. Default empty string. * @param string|array $args Optional. Arguments to control behavior. Default empty array. */ function _xmlrpc_wp_die_handler( $message, $title = '', $args = array() ) { global $wp_xmlrpc_server; list( $message, $title, $parsed_args ) = _wp_die_process_input( $message, $title, $args ); if ( ! headers_sent() ) { nocache_headers(); } if ( $wp_xmlrpc_server ) { $error = new IXR_Error( $parsed_args['response'], $message ); $wp_xmlrpc_server->output( $error->getXml() ); } if ( $parsed_args['exit'] ) { die(); } } /** * Kills WordPress execution and displays XML response with an error message. * * This is the handler for wp_die() when processing XML requests. * * @since 5.2.0 * @access private * * @param string $message Error message. * @param string $title Optional. Error title. Default empty string. * @param string|array $args Optional. Arguments to control behavior. Default empty array. */ function _xml_wp_die_handler( $message, $title = '', $args = array() ) { list( $message, $title, $parsed_args ) = _wp_die_process_input( $message, $title, $args ); $message = htmlspecialchars( $message ); $title = htmlspecialchars( $title ); $xml = <<<EOD <error> <code>{$parsed_args['code']}</code> <title><![CDATA[{$title}]]></title> <message><![CDATA[{$message}]]></message> <data> <status>{$parsed_args['response']}</status> </data> </error> EOD; if ( ! headers_sent() ) { header( "Content-Type: text/xml; charset={$parsed_args['charset']}" ); if ( null !== $parsed_args['response'] ) { status_header( $parsed_args['response'] ); } nocache_headers(); } echo $xml; if ( $parsed_args['exit'] ) { die(); } } /** * Kills WordPress execution and displays an error message. * * This is the handler for wp_die() when processing APP requests. * * @since 3.4.0 * @since 5.1.0 Added the $title and $args parameters. * @access private * * @param string $message Optional. Response to print. Default empty string. * @param string $title Optional. Error title (unused). Default empty string. * @param string|array $args Optional. Arguments to control behavior. Default empty array. */ function _scalar_wp_die_handler( $message = '', $title = '', $args = array() ) { list( $message, $title, $parsed_args ) = _wp_die_process_input( $message, $title, $args ); if ( $parsed_args['exit'] ) { if ( is_scalar( $message ) ) { die( (string) $message ); } die(); } if ( is_scalar( $message ) ) { echo (string) $message; } } /** * Processes arguments passed to wp_die() consistently for its handlers. * * @since 5.1.0 * @access private * * @param string|WP_Error $message Error message or WP_Error object. * @param string $title Optional. Error title. Default empty string. * @param string|array $args Optional. Arguments to control behavior. Default empty array. * @return array { * Processed arguments. * * @type string $0 Error message. * @type string $1 Error title. * @type array $2 Arguments to control behavior. * } */ function _wp_die_process_input( $message, $title = '', $args = array() ) { $defaults = array( 'response' => 0, 'code' => '', 'exit' => true, 'back_link' => false, 'link_url' => '', 'link_text' => '', 'text_direction' => '', 'charset' => 'utf-8', 'additional_errors' => array(), ); $args = wp_parse_args( $args, $defaults ); if ( function_exists( 'is_wp_error' ) && is_wp_error( $message ) ) { if ( ! empty( $message->errors ) ) { $errors = array(); foreach ( (array) $message->errors as $error_code => $error_messages ) { foreach ( (array) $error_messages as $error_message ) { $errors[] = array( 'code' => $error_code, 'message' => $error_message, 'data' => $message->get_error_data( $error_code ), ); } } $message = $errors[0]['message']; if ( empty( $args['code'] ) ) { $args['code'] = $errors[0]['code']; } if ( empty( $args['response'] ) && is_array( $errors[0]['data'] ) && ! empty( $errors[0]['data']['status'] ) ) { $args['response'] = $errors[0]['data']['status']; } if ( empty( $title ) && is_array( $errors[0]['data'] ) && ! empty( $errors[0]['data']['title'] ) ) { $title = $errors[0]['data']['title']; } if ( WP_DEBUG_DISPLAY && is_array( $errors[0]['data'] ) && ! empty( $errors[0]['data']['error'] ) ) { $args['error_data'] = $errors[0]['data']['error']; } unset( $errors[0] ); $args['additional_errors'] = array_values( $errors ); } else { $message = ''; } } $have_gettext = function_exists( '__' ); // The $title and these specific $args must always have a non-empty value. if ( empty( $args['code'] ) ) { $args['code'] = 'wp_die'; } if ( empty( $args['response'] ) ) { $args['response'] = 500; } if ( empty( $title ) ) { $title = $have_gettext ? __( 'WordPress › Error' ) : 'WordPress › Error'; } if ( empty( $args['text_direction'] ) || ! in_array( $args['text_direction'], array( 'ltr', 'rtl' ), true ) ) { $args['text_direction'] = 'ltr'; if ( function_exists( 'is_rtl' ) && is_rtl() ) { $args['text_direction'] = 'rtl'; } } if ( ! empty( $args['charset'] ) ) { $args['charset'] = _canonical_charset( $args['charset'] ); } return array( $message, $title, $args ); } /** * Encodes a variable into JSON, with some confidence checks. * * @since 4.1.0 * @since 5.3.0 No longer handles support for PHP < 5.6. * @since 6.5.0 The `$data` parameter has been renamed to `$value` and * the `$options` parameter to `$flags` for parity with PHP. * * @param mixed $value Variable (usually an array or object) to encode as JSON. * @param int $flags Optional. Options to be passed to json_encode(). Default 0. * @param int $depth Optional. Maximum depth to walk through $value. Must be * greater than 0. Default 512. * @return string|false The JSON encoded string, or false if it cannot be encoded. */ function wp_json_encode( $value, $flags = 0, $depth = 512 ) { $json = json_encode( $value, $flags, $depth ); // If json_encode() was successful, no need to do more confidence checking. if ( false !== $json ) { return $json; } try { $value = _wp_json_sanity_check( $value, $depth ); } catch ( Exception $e ) { return false; } return json_encode( $value, $flags, $depth ); } /** * Performs confidence checks on data that shall be encoded to JSON. * * @ignore * @since 4.1.0 * @access private * * @see wp_json_encode() * * @throws Exception If depth limit is reached. * * @param mixed $value Variable (usually an array or object) to encode as JSON. * @param int $depth Maximum depth to walk through $value. Must be greater than 0. * @return mixed The sanitized data that shall be encoded to JSON. */ function _wp_json_sanity_check( $value, $depth ) { if ( $depth < 0 ) { throw new Exception( 'Reached depth limit' ); } if ( is_array( $value ) ) { $output = array(); foreach ( $value as $id => $el ) { // Don't forget to sanitize the ID! if ( is_string( $id ) ) { $clean_id = _wp_json_convert_string( $id ); } else { $clean_id = $id; } // Check the element type, so that we're only recursing if we really have to. if ( is_array( $el ) || is_object( $el ) ) { $output[ $clean_id ] = _wp_json_sanity_check( $el, $depth - 1 ); } elseif ( is_string( $el ) ) { $output[ $clean_id ] = _wp_json_convert_string( $el ); } else { $output[ $clean_id ] = $el; } } } elseif ( is_object( $value ) ) { $output = new stdClass(); foreach ( $value as $id => $el ) { if ( is_string( $id ) ) { $clean_id = _wp_json_convert_string( $id ); } else { $clean_id = $id; } if ( is_array( $el ) || is_object( $el ) ) { $output->$clean_id = _wp_json_sanity_check( $el, $depth - 1 ); } elseif ( is_string( $el ) ) { $output->$clean_id = _wp_json_convert_string( $el ); } else { $output->$clean_id = $el; } } } elseif ( is_string( $value ) ) { return _wp_json_convert_string( $value ); } else { return $value; } return $output; } /** * Converts a string to UTF-8, so that it can be safely encoded to JSON. * * @ignore * @since 4.1.0 * @access private * * @see _wp_json_sanity_check() * * @param string $input_string The string which is to be converted. * @return string The checked string. */ function _wp_json_convert_string( $input_string ) { static $use_mb = null; if ( is_null( $use_mb ) ) { $use_mb = function_exists( 'mb_convert_encoding' ); } if ( $use_mb ) { $encoding = mb_detect_encoding( $input_string, mb_detect_order(), true ); if ( $encoding ) { return mb_convert_encoding( $input_string, 'UTF-8', $encoding ); } else { return mb_convert_encoding( $input_string, 'UTF-8', 'UTF-8' ); } } else { return wp_check_invalid_utf8( $input_string, true ); } } /** * Prepares response data to be serialized to JSON. * * This supports the JsonSerializable interface for PHP 5.2-5.3 as well. * * @ignore * @since 4.4.0 * @deprecated 5.3.0 This function is no longer needed as support for PHP 5.2-5.3 * has been dropped. * @access private * * @param mixed $value Native representation. * @return bool|int|float|null|string|array Data ready for `json_encode()`. */ function _wp_json_prepare_data( $value ) { _deprecated_function( __FUNCTION__, '5.3.0' ); return $value; } /** * Sends a JSON response back to an Ajax request. * * @since 3.5.0 * @since 4.7.0 The `$status_code` parameter was added. * @since 5.6.0 The `$flags` parameter was added. * * @param mixed $response Variable (usually an array or object) to encode as JSON, * then print and die. * @param int $status_code Optional. The HTTP status code to output. Default null. * @param int $flags Optional. Options to be passed to json_encode(). Default 0. */ function wp_send_json( $response, $status_code = null, $flags = 0 ) { if ( wp_is_serving_rest_request() ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: WP_REST_Response, 2: WP_Error */ __( 'Return a %1$s or %2$s object from your callback when using the REST API.' ), 'WP_REST_Response', 'WP_Error' ), '5.5.0' ); } if ( ! headers_sent() ) { header( 'Content-Type: application/json; charset=' . get_option( 'blog_charset' ) ); if ( null !== $status_code ) { status_header( $status_code ); } } echo wp_json_encode( $response, $flags ); if ( wp_doing_ajax() ) { wp_die( '', '', array( 'response' => null, ) ); } else { die; } } /** * Sends a JSON response back to an Ajax request, indicating success. * * @since 3.5.0 * @since 4.7.0 The `$status_code` parameter was added. * @since 5.6.0 The `$flags` parameter was added. * * @param mixed $value Optional. Data to encode as JSON, then print and die. Default null. * @param int $status_code Optional. The HTTP status code to output. Default null. * @param int $flags Optional. Options to be passed to json_encode(). Default 0. */ function wp_send_json_success( $value = null, $status_code = null, $flags = 0 ) { $response = array( 'success' => true ); if ( isset( $value ) ) { $response['data'] = $value; } wp_send_json( $response, $status_code, $flags ); } /** * Sends a JSON response back to an Ajax request, indicating failure. * * If the `$value` parameter is a WP_Error object, the errors * within the object are processed and output as an array of error * codes and corresponding messages. All other types are output * without further processing. * * @since 3.5.0 * @since 4.1.0 The `$value` parameter is now processed if a WP_Error object is passed in. * @since 4.7.0 The `$status_code` parameter was added. * @since 5.6.0 The `$flags` parameter was added. * * @param mixed $value Optional. Data to encode as JSON, then print and die. Default null. * @param int $status_code Optional. The HTTP status code to output. Default null. * @param int $flags Optional. Options to be passed to json_encode(). Default 0. */ function wp_send_json_error( $value = null, $status_code = null, $flags = 0 ) { $response = array( 'success' => false ); if ( isset( $value ) ) { if ( is_wp_error( $value ) ) { $result = array(); foreach ( $value->errors as $code => $messages ) { foreach ( $messages as $message ) { $result[] = array( 'code' => $code, 'message' => $message, ); } } $response['data'] = $result; } else { $response['data'] = $value; } } wp_send_json( $response, $status_code, $flags ); } /** * Checks that a JSONP callback is a valid JavaScript callback name. * * Only allows alphanumeric characters and the dot character in callback * function names. This helps to mitigate XSS attacks caused by directly * outputting user input. * * @since 4.6.0 * * @param string $callback Supplied JSONP callback function name. * @return bool Whether the callback function name is valid. */ function wp_check_jsonp_callback( $callback ) { if ( ! is_string( $callback ) ) { return false; } preg_replace( '/[^\w\.]/', '', $callback, -1, $illegal_char_count ); return 0 === $illegal_char_count; } /** * Reads and decodes a JSON file. * * @since 5.9.0 * * @param string $filename Path to the JSON file. * @param array $options { * Optional. Options to be used with `json_decode()`. * * @type bool $associative Optional. When `true`, JSON objects will be returned as associative arrays. * When `false`, JSON objects will be returned as objects. Default false. * } * * @return mixed Returns the value encoded in JSON in appropriate PHP type. * `null` is returned if the file is not found, or its content can't be decoded. */ function wp_json_file_decode( $filename, $options = array() ) { $result = null; $filename = wp_normalize_path( realpath( $filename ) ); if ( ! $filename ) { wp_trigger_error( __FUNCTION__, sprintf( /* translators: %s: Path to the JSON file. */ __( "File %s doesn't exist!" ), $filename ) ); return $result; } $options = wp_parse_args( $options, array( 'associative' => false ) ); $decoded_file = json_decode( file_get_contents( $filename ), $options['associative'] ); if ( JSON_ERROR_NONE !== json_last_error() ) { wp_trigger_error( __FUNCTION__, sprintf( /* translators: 1: Path to the JSON file, 2: Error message. */ __( 'Error when decoding a JSON file at path %1$s: %2$s' ), $filename, json_last_error_msg() ) ); return $result; } return $decoded_file; } /** * Retrieves the WordPress home page URL. * * If the constant named 'WP_HOME' exists, then it will be used and returned * by the function. This can be used to counter the redirection on your local * development environment. * * @since 2.2.0 * @access private * * @see WP_HOME * * @param string $url URL for the home location. * @return string Homepage location. */ function _config_wp_home( $url = '' ) { if ( defined( 'WP_HOME' ) ) { return untrailingslashit( WP_HOME ); } return $url; } /** * Retrieves the WordPress site URL. * * If the constant named 'WP_SITEURL' is defined, then the value in that * constant will always be returned. This can be used for debugging a site * on your localhost while not having to change the database to your URL. * * @since 2.2.0 * @access private * * @see WP_SITEURL * * @param string $url URL to set the WordPress site location. * @return string The WordPress site URL. */ function _config_wp_siteurl( $url = '' ) { if ( defined( 'WP_SITEURL' ) ) { return untrailingslashit( WP_SITEURL ); } return $url; } /** * Deletes the fresh site option. * * @since 4.7.0 * @access private */ function _delete_option_fresh_site() { update_option( 'fresh_site', '0', false ); } /** * Sets the localized direction for MCE plugin. * * Will only set the direction to 'rtl', if the WordPress locale has * the text direction set to 'rtl'. * * Fills in the 'directionality' setting, enables the 'directionality' * plugin, and adds the 'ltr' button to 'toolbar1', formerly * 'theme_advanced_buttons1' array keys. These keys are then returned * in the $mce_init (TinyMCE settings) array. * * @since 2.1.0 * @access private * * @param array $mce_init MCE settings array. * @return array Direction set for 'rtl', if needed by locale. */ function _mce_set_direction( $mce_init ) { if ( is_rtl() ) { $mce_init['directionality'] = 'rtl'; $mce_init['rtl_ui'] = true; if ( ! empty( $mce_init['plugins'] ) && ! str_contains( $mce_init['plugins'], 'directionality' ) ) { $mce_init['plugins'] .= ',directionality'; } if ( ! empty( $mce_init['toolbar1'] ) && ! preg_match( '/\bltr\b/', $mce_init['toolbar1'] ) ) { $mce_init['toolbar1'] .= ',ltr'; } } return $mce_init; } /** * Determines whether WordPress is currently serving a REST API request. * * The function relies on the 'REST_REQUEST' global. As such, it only returns true when an actual REST _request_ is * being made. It does not return true when a REST endpoint is hit as part of another request, e.g. for preloading a * REST response. See {@see wp_is_rest_endpoint()} for that purpose. * * This function should not be called until the {@see 'parse_request'} action, as the constant is only defined then, * even for an actual REST request. * * @since 6.5.0 * * @return bool True if it's a WordPress REST API request, false otherwise. */ function wp_is_serving_rest_request() { return defined( 'REST_REQUEST' ) && REST_REQUEST; } /** * Converts smiley code to the icon graphic file equivalent. * * You can turn off smilies, by going to the write setting screen and unchecking * the box, or by setting 'use_smilies' option to false or removing the option. * * Plugins may override the default smiley list by setting the $wpsmiliestrans * to an array, with the key the code the blogger types in and the value the * image file. * * The $wp_smiliessearch global is for the regular expression and is set each * time the function is called. * * The full list of smilies can be found in the function and won't be listed in * the description. Probably should create a Codex page for it, so that it is * available. * * @since 2.2.0 * * @global array $wpsmiliestrans * @global array $wp_smiliessearch */ function smilies_init() { global $wpsmiliestrans, $wp_smiliessearch; // Don't bother setting up smilies if they are disabled. if ( ! get_option( 'use_smilies' ) ) { return; } if ( ! isset( $wpsmiliestrans ) ) { $wpsmiliestrans = array( ':mrgreen:' => 'mrgreen.png', ':neutral:' => "\xf0\x9f\x98\x90", ':twisted:' => "\xf0\x9f\x98\x88", ':arrow:' => "\xe2\x9e\xa1", ':shock:' => "\xf0\x9f\x98\xaf", ':smile:' => "\xf0\x9f\x99\x82", ':???:' => "\xf0\x9f\x98\x95", ':cool:' => "\xf0\x9f\x98\x8e", ':evil:' => "\xf0\x9f\x91\xbf", ':grin:' => "\xf0\x9f\x98\x80", ':idea:' => "\xf0\x9f\x92\xa1", ':oops:' => "\xf0\x9f\x98\xb3", ':razz:' => "\xf0\x9f\x98\x9b", ':roll:' => "\xf0\x9f\x99\x84", ':wink:' => "\xf0\x9f\x98\x89", ':cry:' => "\xf0\x9f\x98\xa5", ':eek:' => "\xf0\x9f\x98\xae", ':lol:' => "\xf0\x9f\x98\x86", ':mad:' => "\xf0\x9f\x98\xa1", ':sad:' => "\xf0\x9f\x99\x81", '8-)' => "\xf0\x9f\x98\x8e", '8-O' => "\xf0\x9f\x98\xaf", ':-(' => "\xf0\x9f\x99\x81", ':-)' => "\xf0\x9f\x99\x82", ':-?' => "\xf0\x9f\x98\x95", ':-D' => "\xf0\x9f\x98\x80", ':-P' => "\xf0\x9f\x98\x9b", ':-o' => "\xf0\x9f\x98\xae", ':-x' => "\xf0\x9f\x98\xa1", ':-|' => "\xf0\x9f\x98\x90", ';-)' => "\xf0\x9f\x98\x89", // This one transformation breaks regular text with frequency. // '8)' => "\xf0\x9f\x98\x8e", '8O' => "\xf0\x9f\x98\xaf", ':(' => "\xf0\x9f\x99\x81", ':)' => "\xf0\x9f\x99\x82", ':?' => "\xf0\x9f\x98\x95", ':D' => "\xf0\x9f\x98\x80", ':P' => "\xf0\x9f\x98\x9b", ':o' => "\xf0\x9f\x98\xae", ':x' => "\xf0\x9f\x98\xa1", ':|' => "\xf0\x9f\x98\x90", ';)' => "\xf0\x9f\x98\x89", ':!:' => "\xe2\x9d\x97", ':?:' => "\xe2\x9d\x93", ); } /** * Filters all the smilies. * * This filter must be added before `smilies_init` is run, as * it is normally only run once to setup the smilies regex. * * @since 4.7.0 * * @param string[] $wpsmiliestrans List of the smilies' hexadecimal representations, keyed by their smily code. */ $wpsmiliestrans = apply_filters( 'smilies', $wpsmiliestrans ); if ( count( $wpsmiliestrans ) === 0 ) { return; } /* * NOTE: we sort the smilies in reverse key order. This is to make sure * we match the longest possible smilie (:???: vs :?) as the regular * expression used below is first-match */ krsort( $wpsmiliestrans ); $spaces = wp_spaces_regexp(); // Begin first "subpattern". $wp_smiliessearch = '/(?<=' . $spaces . '|^)'; $subchar = ''; foreach ( (array) $wpsmiliestrans as $smiley => $img ) { $firstchar = substr( $smiley, 0, 1 ); $rest = substr( $smiley, 1 ); // New subpattern? if ( $firstchar !== $subchar ) { if ( '' !== $subchar ) { $wp_smiliessearch .= ')(?=' . $spaces . '|$)'; // End previous "subpattern". $wp_smiliessearch .= '|(?<=' . $spaces . '|^)'; // Begin another "subpattern". } $subchar = $firstchar; $wp_smiliessearch .= preg_quote( $firstchar, '/' ) . '(?:'; } else { $wp_smiliessearch .= '|'; } $wp_smiliessearch .= preg_quote( $rest, '/' ); } $wp_smiliessearch .= ')(?=' . $spaces . '|$)/m'; } /** * Merges user defined arguments into defaults array. * * This function is used throughout WordPress to allow for both string or array * to be merged into another array. * * @since 2.2.0 * @since 2.3.0 `$args` can now also be an object. * * @param string|array|object $args Value to merge with $defaults. * @param array $defaults Optional. Array that serves as the defaults. * Default empty array. * @return array Merged user defined values with defaults. */ function wp_parse_args( $args, $defaults = array() ) { if ( is_object( $args ) ) { $parsed_args = get_object_vars( $args ); } elseif ( is_array( $args ) ) { $parsed_args =& $args; } else { wp_parse_str( $args, $parsed_args ); } if ( is_array( $defaults ) && $defaults ) { return array_merge( $defaults, $parsed_args ); } return $parsed_args; } /** * Converts a comma- or space-separated list of scalar values to an array. * * @since 5.1.0 * * @param array|string $input_list List of values. * @return array Array of values. */ function wp_parse_list( $input_list ) { if ( ! is_array( $input_list ) ) { return preg_split( '/[\s,]+/', $input_list, -1, PREG_SPLIT_NO_EMPTY ); } // Validate all entries of the list are scalar. $input_list = array_filter( $input_list, 'is_scalar' ); return $input_list; } /** * Cleans up an array, comma- or space-separated list of IDs. * * @since 3.0.0 * @since 5.1.0 Refactored to use wp_parse_list(). * * @param array|string $input_list List of IDs. * @return int[] Sanitized array of IDs. */ function wp_parse_id_list( $input_list ) { $input_list = wp_parse_list( $input_list ); return array_unique( array_map( 'absint', $input_list ) ); } /** * Cleans up an array, comma- or space-separated list of slugs. * * @since 4.7.0 * @since 5.1.0 Refactored to use wp_parse_list(). * * @param array|string $input_list List of slugs. * @return string[] Sanitized array of slugs. */ function wp_parse_slug_list( $input_list ) { $input_list = wp_parse_list( $input_list ); return array_unique( array_map( 'sanitize_title', $input_list ) ); } /** * Extracts a slice of an array, given a list of keys. * * @since 3.1.0 * * @param array $input_array The original array. * @param array $keys The list of keys. * @return array The array slice. */ function wp_array_slice_assoc( $input_array, $keys ) { $slice = array(); foreach ( $keys as $key ) { if ( isset( $input_array[ $key ] ) ) { $slice[ $key ] = $input_array[ $key ]; } } return $slice; } /** * Sorts the keys of an array alphabetically. * * The array is passed by reference so it doesn't get returned * which mimics the behavior of `ksort()`. * * @since 6.0.0 * * @param array $input_array The array to sort, passed by reference. */ function wp_recursive_ksort( &$input_array ) { foreach ( $input_array as &$value ) { if ( is_array( $value ) ) { wp_recursive_ksort( $value ); } } ksort( $input_array ); } /** * Accesses an array in depth based on a path of keys. * * It is the PHP equivalent of JavaScript's `lodash.get()` and mirroring it may help other components * retain some symmetry between client and server implementations. * * Example usage: * * $input_array = array( * 'a' => array( * 'b' => array( * 'c' => 1, * ), * ), * ); * _wp_array_get( $input_array, array( 'a', 'b', 'c' ) ); * * @internal * * @since 5.6.0 * @access private * * @param array $input_array An array from which we want to retrieve some information. * @param array $path An array of keys describing the path with which to retrieve information. * @param mixed $default_value Optional. The return value if the path does not exist within the array, * or if `$input_array` or `$path` are not arrays. Default null. * @return mixed The value from the path specified. */ function _wp_array_get( $input_array, $path, $default_value = null ) { // Confirm $path is valid. if ( ! is_array( $path ) || 0 === count( $path ) ) { return $default_value; } foreach ( $path as $path_element ) { if ( ! is_array( $input_array ) ) { return $default_value; } if ( is_string( $path_element ) || is_integer( $path_element ) || null === $path_element ) { /* * Check if the path element exists in the input array. * We check with `isset()` first, as it is a lot faster * than `array_key_exists()`. */ if ( isset( $path_element, $input_array[ $path_element ] ) ) { $input_array = $input_array[ $path_element ]; continue; } /* * If `isset()` returns false, we check with `array_key_exists()`, * which also checks for `null` values. */ if ( isset( $path_element ) && array_key_exists( $path_element, $input_array ) ) { $input_array = $input_array[ $path_element ]; continue; } } return $default_value; } return $input_array; } /** * Sets an array in depth based on a path of keys. * * It is the PHP equivalent of JavaScript's `lodash.set()` and mirroring it may help other components * retain some symmetry between client and server implementations. * * Example usage: * * $input_array = array(); * _wp_array_set( $input_array, array( 'a', 'b', 'c', 1 ) ); * * $input_array becomes: * array( * 'a' => array( * 'b' => array( * 'c' => 1, * ), * ), * ); * * @internal * * @since 5.8.0 * @access private * * @param array $input_array An array that we want to mutate to include a specific value in a path. * @param array $path An array of keys describing the path that we want to mutate. * @param mixed $value The value that will be set. */ function _wp_array_set( &$input_array, $path, $value = null ) { // Confirm $input_array is valid. if ( ! is_array( $input_array ) ) { return; } // Confirm $path is valid. if ( ! is_array( $path ) ) { return; } $path_length = count( $path ); if ( 0 === $path_length ) { return; } foreach ( $path as $path_element ) { if ( ! is_string( $path_element ) && ! is_integer( $path_element ) && ! is_null( $path_element ) ) { return; } } for ( $i = 0; $i < $path_length - 1; ++$i ) { $path_element = $path[ $i ]; if ( ! array_key_exists( $path_element, $input_array ) || ! is_array( $input_array[ $path_element ] ) ) { $input_array[ $path_element ] = array(); } $input_array = &$input_array[ $path_element ]; } $input_array[ $path[ $i ] ] = $value; } /** * This function is trying to replicate what * lodash's kebabCase (JS library) does in the client. * * The reason we need this function is that we do some processing * in both the client and the server (e.g.: we generate * preset classes from preset slugs) that needs to * create the same output. * * We can't remove or update the client's library due to backward compatibility * (some of the output of lodash's kebabCase is saved in the post content). * We have to make the server behave like the client. * * Changes to this function should follow updates in the client * with the same logic. * * @since 5.8.0 * * @link https://github.com/lodash/lodash/blob/4.17/dist/lodash.js#L14369 * @link https://github.com/lodash/lodash/blob/4.17/dist/lodash.js#L278 * @link https://github.com/lodash-php/lodash-php/blob/master/src/String/kebabCase.php * @link https://github.com/lodash-php/lodash-php/blob/master/src/internal/unicodeWords.php * * @param string $input_string The string to kebab-case. * * @return string kebab-cased-string. */ function _wp_to_kebab_case( $input_string ) { // Ignore the camelCase names for variables so the names are the same as lodash so comparing and porting new changes is easier. // phpcs:disable WordPress.NamingConventions.ValidVariableName.VariableNotSnakeCase /* * Some notable things we've removed compared to the lodash version are: * * - non-alphanumeric characters: rsAstralRange, rsEmoji, etc * - the groups that processed the apostrophe, as it's removed before passing the string to preg_match: rsApos, rsOptContrLower, and rsOptContrUpper * */ /** Used to compose unicode character classes. */ $rsLowerRange = 'a-z\\xdf-\\xf6\\xf8-\\xff'; $rsNonCharRange = '\\x00-\\x2f\\x3a-\\x40\\x5b-\\x60\\x7b-\\xbf'; $rsPunctuationRange = '\\x{2000}-\\x{206f}'; $rsSpaceRange = ' \\t\\x0b\\f\\xa0\\x{feff}\\n\\r\\x{2028}\\x{2029}\\x{1680}\\x{180e}\\x{2000}\\x{2001}\\x{2002}\\x{2003}\\x{2004}\\x{2005}\\x{2006}\\x{2007}\\x{2008}\\x{2009}\\x{200a}\\x{202f}\\x{205f}\\x{3000}'; $rsUpperRange = 'A-Z\\xc0-\\xd6\\xd8-\\xde'; $rsBreakRange = $rsNonCharRange . $rsPunctuationRange . $rsSpaceRange; /** Used to compose unicode capture groups. */ $rsBreak = '[' . $rsBreakRange . ']'; $rsDigits = '\\d+'; // The last lodash version in GitHub uses a single digit here and expands it when in use. $rsLower = '[' . $rsLowerRange . ']'; $rsMisc = '[^' . $rsBreakRange . $rsDigits . $rsLowerRange . $rsUpperRange . ']'; $rsUpper = '[' . $rsUpperRange . ']'; /** Used to compose unicode regexes. */ $rsMiscLower = '(?:' . $rsLower . '|' . $rsMisc . ')'; $rsMiscUpper = '(?:' . $rsUpper . '|' . $rsMisc . ')'; $rsOrdLower = '\\d*(?:1st|2nd|3rd|(?![123])\\dth)(?=\\b|[A-Z_])'; $rsOrdUpper = '\\d*(?:1ST|2ND|3RD|(?![123])\\dTH)(?=\\b|[a-z_])'; $regexp = '/' . implode( '|', array( $rsUpper . '?' . $rsLower . '+' . '(?=' . implode( '|', array( $rsBreak, $rsUpper, '$' ) ) . ')', $rsMiscUpper . '+' . '(?=' . implode( '|', array( $rsBreak, $rsUpper . $rsMiscLower, '$' ) ) . ')', $rsUpper . '?' . $rsMiscLower . '+', $rsUpper . '+', $rsOrdUpper, $rsOrdLower, $rsDigits, ) ) . '/u'; preg_match_all( $regexp, str_replace( "'", '', $input_string ), $matches ); return strtolower( implode( '-', $matches[0] ) ); // phpcs:enable WordPress.NamingConventions.ValidVariableName.VariableNotSnakeCase } /** * Determines if the variable is a numeric-indexed array. * * @since 4.4.0 * * @param mixed $data Variable to check. * @return bool Whether the variable is a list. */ function wp_is_numeric_array( $data ) { if ( ! is_array( $data ) ) { return false; } $keys = array_keys( $data ); $string_keys = array_filter( $keys, 'is_string' ); return count( $string_keys ) === 0; } /** * Filters a list of objects, based on a set of key => value arguments. * * Retrieves the objects from the list that match the given arguments. * Key represents property name, and value represents property value. * * If an object has more properties than those specified in arguments, * that will not disqualify it. When using the 'AND' operator, * any missing properties will disqualify it. * * When using the `$field` argument, this function can also retrieve * a particular field from all matching objects, whereas wp_list_filter() * only does the filtering. * * @since 3.0.0 * @since 4.7.0 Uses `WP_List_Util` class. * * @param array $input_list An array of objects to filter. * @param array $args Optional. An array of key => value arguments to match * against each object. Default empty array. * @param string $operator Optional. The logical operation to perform. 'AND' means * all elements from the array must match. 'OR' means only * one element needs to match. 'NOT' means no elements may * match. Default 'AND'. * @param bool|string $field Optional. A field from the object to place instead * of the entire object. Default false. * @return array A list of objects or object fields. */ function wp_filter_object_list( $input_list, $args = array(), $operator = 'and', $field = false ) { if ( ! is_array( $input_list ) ) { return array(); } $util = new WP_List_Util( $input_list ); $util->filter( $args, $operator ); if ( $field ) { $util->pluck( $field ); } return $util->get_output(); } /** * Filters a list of objects, based on a set of key => value arguments. * * Retrieves the objects from the list that match the given arguments. * Key represents property name, and value represents property value. * * If an object has more properties than those specified in arguments, * that will not disqualify it. When using the 'AND' operator, * any missing properties will disqualify it. * * If you want to retrieve a particular field from all matching objects, * use wp_filter_object_list() instead. * * @since 3.1.0 * @since 4.7.0 Uses `WP_List_Util` class. * @since 5.9.0 Converted into a wrapper for `wp_filter_object_list()`. * * @param array $input_list An array of objects to filter. * @param array $args Optional. An array of key => value arguments to match * against each object. Default empty array. * @param string $operator Optional. The logical operation to perform. 'AND' means * all elements from the array must match. 'OR' means only * one element needs to match. 'NOT' means no elements may * match. Default 'AND'. * @return array Array of found values. */ function wp_list_filter( $input_list, $args = array(), $operator = 'AND' ) { return wp_filter_object_list( $input_list, $args, $operator ); } /** * Plucks a certain field out of each object or array in an array. * * This has the same functionality and prototype of * array_column() (PHP 5.5) but also supports objects. * * @since 3.1.0 * @since 4.0.0 $index_key parameter added. * @since 4.7.0 Uses `WP_List_Util` class. * * @param array $input_list List of objects or arrays. * @param int|string $field Field from the object to place instead of the entire object. * @param int|string $index_key Optional. Field from the object to use as keys for the new array. * Default null. * @return array Array of found values. If `$index_key` is set, an array of found values with keys * corresponding to `$index_key`. If `$index_key` is null, array keys from the original * `$input_list` will be preserved in the results. */ function wp_list_pluck( $input_list, $field, $index_key = null ) { if ( ! is_array( $input_list ) ) { return array(); } $util = new WP_List_Util( $input_list ); return $util->pluck( $field, $index_key ); } /** * Sorts an array of objects or arrays based on one or more orderby arguments. * * @since 4.7.0 * * @param array $input_list An array of objects or arrays to sort. * @param string|array $orderby Optional. Either the field name to order by or an array * of multiple orderby fields as `$orderby => $order`. * Default empty array. * @param string $order Optional. Either 'ASC' or 'DESC'. Only used if `$orderby` * is a string. Default 'ASC'. * @param bool $preserve_keys Optional. Whether to preserve keys. Default false. * @return array The sorted array. */ function wp_list_sort( $input_list, $orderby = array(), $order = 'ASC', $preserve_keys = false ) { if ( ! is_array( $input_list ) ) { return array(); } $util = new WP_List_Util( $input_list ); return $util->sort( $orderby, $order, $preserve_keys ); } /** * Determines if Widgets library should be loaded. * * Checks to make sure that the widgets library hasn't already been loaded. * If it hasn't, then it will load the widgets library and run an action hook. * * @since 2.2.0 */ function wp_maybe_load_widgets() { /** * Filters whether to load the Widgets library. * * Returning a falsey value from the filter will effectively short-circuit * the Widgets library from loading. * * @since 2.8.0 * * @param bool $wp_maybe_load_widgets Whether to load the Widgets library. * Default true. */ if ( ! apply_filters( 'load_default_widgets', true ) ) { return; } require_once ABSPATH . WPINC . '/default-widgets.php'; add_action( '_admin_menu', 'wp_widgets_add_menu' ); } /** * Appends the Widgets menu to the themes main menu. * * @since 2.2.0 * @since 5.9.3 Don't specify menu order when the active theme is a block theme. * * @global array $submenu */ function wp_widgets_add_menu() { global $submenu; if ( ! current_theme_supports( 'widgets' ) ) { return; } $menu_name = __( 'Widgets' ); if ( wp_is_block_theme() ) { $submenu['themes.php'][] = array( $menu_name, 'edit_theme_options', 'widgets.php' ); } else { $submenu['themes.php'][8] = array( $menu_name, 'edit_theme_options', 'widgets.php' ); } ksort( $submenu['themes.php'], SORT_NUMERIC ); } /** * Flushes all output buffers for PHP 5.2. * * Make sure all output buffers are flushed before our singletons are destroyed. * * @since 2.2.0 */ function wp_ob_end_flush_all() { $levels = ob_get_level(); for ( $i = 0; $i < $levels; $i++ ) { ob_end_flush(); } } /** * Loads custom DB error or display WordPress DB error. * * If a file exists in the wp-content directory named db-error.php, then it will * be loaded instead of displaying the WordPress DB error. If it is not found, * then the WordPress DB error will be displayed instead. * * The WordPress DB error sets the HTTP status header to 500 to try to prevent * search engines from caching the message. Custom DB messages should do the * same. * * This function was backported to WordPress 2.3.2, but originally was added * in WordPress 2.5.0. * * @since 2.3.2 * * @global wpdb $wpdb WordPress database abstraction object. */ function dead_db() { global $wpdb; wp_load_translations_early(); // Load custom DB error template, if present. if ( file_exists( WP_CONTENT_DIR . '/db-error.php' ) ) { require_once WP_CONTENT_DIR . '/db-error.php'; die(); } // If installing or in the admin, provide the verbose message. if ( wp_installing() || defined( 'WP_ADMIN' ) ) { wp_die( $wpdb->error ); } // Otherwise, be terse. wp_die( '<h1>' . __( 'Error establishing a database connection' ) . '</h1>', __( 'Database Error' ) ); } /** * Marks a function as deprecated and inform when it has been used. * * There is a {@see 'deprecated_function_run'} hook that will be called that can be used * to get the backtrace up to what file and function called the deprecated function. * * The current behavior is to trigger a user error if `WP_DEBUG` is true. * * This function is to be used in every function that is deprecated. * * @since 2.5.0 * @since 5.4.0 This function is no longer marked as "private". * @since 5.4.0 The error type is now classified as E_USER_DEPRECATED (used to default to E_USER_NOTICE). * * @param string $function_name The function that was called. * @param string $version The version of WordPress that deprecated the function. * @param string $replacement Optional. The function that should have been called. Default empty string. */ function _deprecated_function( $function_name, $version, $replacement = '' ) { /** * Fires when a deprecated function is called. * * @since 2.5.0 * * @param string $function_name The function that was called. * @param string $replacement The function that should have been called. * @param string $version The version of WordPress that deprecated the function. */ do_action( 'deprecated_function_run', $function_name, $replacement, $version ); /** * Filters whether to trigger an error for deprecated functions. * * @since 2.5.0 * * @param bool $trigger Whether to trigger the error for deprecated functions. Default true. */ if ( WP_DEBUG && apply_filters( 'deprecated_function_trigger_error', true ) ) { if ( function_exists( '__' ) ) { if ( $replacement ) { $message = sprintf( /* translators: 1: PHP function name, 2: Version number, 3: Alternative function name. */ __( 'Function %1$s is <strong>deprecated</strong> since version %2$s! Use %3$s instead.' ), $function_name, $version, $replacement ); } else { $message = sprintf( /* translators: 1: PHP function name, 2: Version number. */ __( 'Function %1$s is <strong>deprecated</strong> since version %2$s with no alternative available.' ), $function_name, $version ); } } else { if ( $replacement ) { $message = sprintf( 'Function %1$s is <strong>deprecated</strong> since version %2$s! Use %3$s instead.', $function_name, $version, $replacement ); } else { $message = sprintf( 'Function %1$s is <strong>deprecated</strong> since version %2$s with no alternative available.', $function_name, $version ); } } wp_trigger_error( '', $message, E_USER_DEPRECATED ); } } /** * Marks a constructor as deprecated and informs when it has been used. * * Similar to _deprecated_function(), but with different strings. Used to * remove PHP4-style constructors. * * The current behavior is to trigger a user error if `WP_DEBUG` is true. * * This function is to be used in every PHP4-style constructor method that is deprecated. * * @since 4.3.0 * @since 4.5.0 Added the `$parent_class` parameter. * @since 5.4.0 This function is no longer marked as "private". * @since 5.4.0 The error type is now classified as E_USER_DEPRECATED (used to default to E_USER_NOTICE). * * @param string $class_name The class containing the deprecated constructor. * @param string $version The version of WordPress that deprecated the function. * @param string $parent_class Optional. The parent class calling the deprecated constructor. * Default empty string. */ function _deprecated_constructor( $class_name, $version, $parent_class = '' ) { /** * Fires when a deprecated constructor is called. * * @since 4.3.0 * @since 4.5.0 Added the `$parent_class` parameter. * * @param string $class_name The class containing the deprecated constructor. * @param string $version The version of WordPress that deprecated the function. * @param string $parent_class The parent class calling the deprecated constructor. */ do_action( 'deprecated_constructor_run', $class_name, $version, $parent_class ); /** * Filters whether to trigger an error for deprecated functions. * * `WP_DEBUG` must be true in addition to the filter evaluating to true. * * @since 4.3.0 * * @param bool $trigger Whether to trigger the error for deprecated functions. Default true. */ if ( WP_DEBUG && apply_filters( 'deprecated_constructor_trigger_error', true ) ) { if ( function_exists( '__' ) ) { if ( $parent_class ) { $message = sprintf( /* translators: 1: PHP class name, 2: PHP parent class name, 3: Version number, 4: __construct() method. */ __( 'The called constructor method for %1$s class in %2$s is <strong>deprecated</strong> since version %3$s! Use %4$s instead.' ), $class_name, $parent_class, $version, '<code>__construct()</code>' ); } else { $message = sprintf( /* translators: 1: PHP class name, 2: Version number, 3: __construct() method. */ __( 'The called constructor method for %1$s class is <strong>deprecated</strong> since version %2$s! Use %3$s instead.' ), $class_name, $version, '<code>__construct()</code>' ); } } else { if ( $parent_class ) { $message = sprintf( 'The called constructor method for %1$s class in %2$s is <strong>deprecated</strong> since version %3$s! Use %4$s instead.', $class_name, $parent_class, $version, '<code>__construct()</code>' ); } else { $message = sprintf( 'The called constructor method for %1$s class is <strong>deprecated</strong> since version %2$s! Use %3$s instead.', $class_name, $version, '<code>__construct()</code>' ); } } wp_trigger_error( '', $message, E_USER_DEPRECATED ); } } /** * Marks a class as deprecated and informs when it has been used. * * There is a {@see 'deprecated_class_run'} hook that will be called that can be used * to get the backtrace up to what file and function called the deprecated class. * * The current behavior is to trigger a user error if `WP_DEBUG` is true. * * This function is to be used in the class constructor for every deprecated class. * See {@see _deprecated_constructor()} for deprecating PHP4-style constructors. * * @since 6.4.0 * * @param string $class_name The name of the class being instantiated. * @param string $version The version of WordPress that deprecated the class. * @param string $replacement Optional. The class or function that should have been called. * Default empty string. */ function _deprecated_class( $class_name, $version, $replacement = '' ) { /** * Fires when a deprecated class is called. * * @since 6.4.0 * * @param string $class_name The name of the class being instantiated. * @param string $replacement The class or function that should have been called. * @param string $version The version of WordPress that deprecated the class. */ do_action( 'deprecated_class_run', $class_name, $replacement, $version ); /** * Filters whether to trigger an error for a deprecated class. * * @since 6.4.0 * * @param bool $trigger Whether to trigger an error for a deprecated class. Default true. */ if ( WP_DEBUG && apply_filters( 'deprecated_class_trigger_error', true ) ) { if ( function_exists( '__' ) ) { if ( $replacement ) { $message = sprintf( /* translators: 1: PHP class name, 2: Version number, 3: Alternative class or function name. */ __( 'Class %1$s is <strong>deprecated</strong> since version %2$s! Use %3$s instead.' ), $class_name, $version, $replacement ); } else { $message = sprintf( /* translators: 1: PHP class name, 2: Version number. */ __( 'Class %1$s is <strong>deprecated</strong> since version %2$s with no alternative available.' ), $class_name, $version ); } } else { if ( $replacement ) { $message = sprintf( 'Class %1$s is <strong>deprecated</strong> since version %2$s! Use %3$s instead.', $class_name, $version, $replacement ); } else { $message = sprintf( 'Class %1$s is <strong>deprecated</strong> since version %2$s with no alternative available.', $class_name, $version ); } } wp_trigger_error( '', $message, E_USER_DEPRECATED ); } } /** * Marks a file as deprecated and inform when it has been used. * * There is a {@see 'deprecated_file_included'} hook that will be called that can be used * to get the backtrace up to what file and function included the deprecated file. * * The current behavior is to trigger a user error if `WP_DEBUG` is true. * * This function is to be used in every file that is deprecated. * * @since 2.5.0 * @since 5.4.0 This function is no longer marked as "private". * @since 5.4.0 The error type is now classified as E_USER_DEPRECATED (used to default to E_USER_NOTICE). * * @param string $file The file that was included. * @param string $version The version of WordPress that deprecated the file. * @param string $replacement Optional. The file that should have been included based on ABSPATH. * Default empty string. * @param string $message Optional. A message regarding the change. Default empty string. */ function _deprecated_file( $file, $version, $replacement = '', $message = '' ) { /** * Fires when a deprecated file is called. * * @since 2.5.0 * * @param string $file The file that was called. * @param string $replacement The file that should have been included based on ABSPATH. * @param string $version The version of WordPress that deprecated the file. * @param string $message A message regarding the change. */ do_action( 'deprecated_file_included', $file, $replacement, $version, $message ); /** * Filters whether to trigger an error for deprecated files. * * @since 2.5.0 * * @param bool $trigger Whether to trigger the error for deprecated files. Default true. */ if ( WP_DEBUG && apply_filters( 'deprecated_file_trigger_error', true ) ) { $message = empty( $message ) ? '' : ' ' . $message; if ( function_exists( '__' ) ) { if ( $replacement ) { $message = sprintf( /* translators: 1: PHP file name, 2: Version number, 3: Alternative file name. */ __( 'File %1$s is <strong>deprecated</strong> since version %2$s! Use %3$s instead.' ), $file, $version, $replacement ) . $message; } else { $message = sprintf( /* translators: 1: PHP file name, 2: Version number. */ __( 'File %1$s is <strong>deprecated</strong> since version %2$s with no alternative available.' ), $file, $version ) . $message; } } else { if ( $replacement ) { $message = sprintf( 'File %1$s is <strong>deprecated</strong> since version %2$s! Use %3$s instead.', $file, $version, $replacement ); } else { $message = sprintf( 'File %1$s is <strong>deprecated</strong> since version %2$s with no alternative available.', $file, $version ) . $message; } } wp_trigger_error( '', $message, E_USER_DEPRECATED ); } } /** * Marks a function argument as deprecated and inform when it has been used. * * This function is to be used whenever a deprecated function argument is used. * Before this function is called, the argument must be checked for whether it was * used by comparing it to its default value or evaluating whether it is empty. * * For example: * * if ( ! empty( $deprecated ) ) { * _deprecated_argument( __FUNCTION__, '3.0.0' ); * } * * There is a {@see 'deprecated_argument_run'} hook that will be called that can be used * to get the backtrace up to what file and function used the deprecated argument. * * The current behavior is to trigger a user error if WP_DEBUG is true. * * @since 3.0.0 * @since 5.4.0 This function is no longer marked as "private". * @since 5.4.0 The error type is now classified as E_USER_DEPRECATED (used to default to E_USER_NOTICE). * * @param string $function_name The function that was called. * @param string $version The version of WordPress that deprecated the argument used. * @param string $message Optional. A message regarding the change. Default empty string. */ function _deprecated_argument( $function_name, $version, $message = '' ) { /** * Fires when a deprecated argument is called. * * @since 3.0.0 * * @param string $function_name The function that was called. * @param string $message A message regarding the change. * @param string $version The version of WordPress that deprecated the argument used. */ do_action( 'deprecated_argument_run', $function_name, $message, $version ); /** * Filters whether to trigger an error for deprecated arguments. * * @since 3.0.0 * * @param bool $trigger Whether to trigger the error for deprecated arguments. Default true. */ if ( WP_DEBUG && apply_filters( 'deprecated_argument_trigger_error', true ) ) { if ( function_exists( '__' ) ) { if ( $message ) { $message = sprintf( /* translators: 1: PHP function name, 2: Version number, 3: Optional message regarding the change. */ __( 'Function %1$s was called with an argument that is <strong>deprecated</strong> since version %2$s! %3$s' ), $function_name, $version, $message ); } else { $message = sprintf( /* translators: 1: PHP function name, 2: Version number. */ __( 'Function %1$s was called with an argument that is <strong>deprecated</strong> since version %2$s with no alternative available.' ), $function_name, $version ); } } else { if ( $message ) { $message = sprintf( 'Function %1$s was called with an argument that is <strong>deprecated</strong> since version %2$s! %3$s', $function_name, $version, $message ); } else { $message = sprintf( 'Function %1$s was called with an argument that is <strong>deprecated</strong> since version %2$s with no alternative available.', $function_name, $version ); } } wp_trigger_error( '', $message, E_USER_DEPRECATED ); } } /** * Marks a deprecated action or filter hook as deprecated and throws a notice. * * Use the {@see 'deprecated_hook_run'} action to get the backtrace describing where * the deprecated hook was called. * * Default behavior is to trigger a user error if `WP_DEBUG` is true. * * This function is called by the do_action_deprecated() and apply_filters_deprecated() * functions, and so generally does not need to be called directly. * * @since 4.6.0 * @since 5.4.0 The error type is now classified as E_USER_DEPRECATED (used to default to E_USER_NOTICE). * @access private * * @param string $hook The hook that was used. * @param string $version The version of WordPress that deprecated the hook. * @param string $replacement Optional. The hook that should have been used. Default empty string. * @param string $message Optional. A message regarding the change. Default empty. */ function _deprecated_hook( $hook, $version, $replacement = '', $message = '' ) { /** * Fires when a deprecated hook is called. * * @since 4.6.0 * * @param string $hook The hook that was called. * @param string $replacement The hook that should be used as a replacement. * @param string $version The version of WordPress that deprecated the argument used. * @param string $message A message regarding the change. */ do_action( 'deprecated_hook_run', $hook, $replacement, $version, $message ); /** * Filters whether to trigger deprecated hook errors. * * @since 4.6.0 * * @param bool $trigger Whether to trigger deprecated hook errors. Requires * `WP_DEBUG` to be defined true. */ if ( WP_DEBUG && apply_filters( 'deprecated_hook_trigger_error', true ) ) { $message = empty( $message ) ? '' : ' ' . $message; if ( $replacement ) { $message = sprintf( /* translators: 1: WordPress hook name, 2: Version number, 3: Alternative hook name. */ __( 'Hook %1$s is <strong>deprecated</strong> since version %2$s! Use %3$s instead.' ), $hook, $version, $replacement ) . $message; } else { $message = sprintf( /* translators: 1: WordPress hook name, 2: Version number. */ __( 'Hook %1$s is <strong>deprecated</strong> since version %2$s with no alternative available.' ), $hook, $version ) . $message; } wp_trigger_error( '', $message, E_USER_DEPRECATED ); } } /** * Marks something as being incorrectly called. * * There is a {@see 'doing_it_wrong_run'} hook that will be called that can be used * to get the backtrace up to what file and function called the deprecated function. * * The current behavior is to trigger a user error if `WP_DEBUG` is true. * * @since 3.1.0 * @since 5.4.0 This function is no longer marked as "private". * * @param string $function_name The function that was called. * @param string $message A message explaining what has been done incorrectly. * @param string $version The version of WordPress where the message was added. */ function _doing_it_wrong( $function_name, $message, $version ) { /** * Fires when the given function is being used incorrectly. * * @since 3.1.0 * * @param string $function_name The function that was called. * @param string $message A message explaining what has been done incorrectly. * @param string $version The version of WordPress where the message was added. */ do_action( 'doing_it_wrong_run', $function_name, $message, $version ); /** * Filters whether to trigger an error for _doing_it_wrong() calls. * * @since 3.1.0 * @since 5.1.0 Added the $function_name, $message and $version parameters. * * @param bool $trigger Whether to trigger the error for _doing_it_wrong() calls. Default true. * @param string $function_name The function that was called. * @param string $message A message explaining what has been done incorrectly. * @param string $version The version of WordPress where the message was added. */ if ( WP_DEBUG && apply_filters( 'doing_it_wrong_trigger_error', true, $function_name, $message, $version ) ) { if ( function_exists( '__' ) ) { if ( $version ) { /* translators: %s: Version number. */ $version = sprintf( __( '(This message was added in version %s.)' ), $version ); } $message .= ' ' . sprintf( /* translators: %s: Documentation URL. */ __( 'Please see <a href="%s">Debugging in WordPress</a> for more information.' ), __( 'https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/' ) ); $message = sprintf( /* translators: Developer debugging message. 1: PHP function name, 2: Explanatory message, 3: WordPress version number. */ __( 'Function %1$s was called <strong>incorrectly</strong>. %2$s %3$s' ), $function_name, $message, $version ); } else { if ( $version ) { $version = sprintf( '(This message was added in version %s.)', $version ); } $message .= sprintf( ' Please see <a href="%s">Debugging in WordPress</a> for more information.', 'https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/' ); $message = sprintf( 'Function %1$s was called <strong>incorrectly</strong>. %2$s %3$s', $function_name, $message, $version ); } wp_trigger_error( '', $message ); } } /** * Generates a user-level error/warning/notice/deprecation message. * * Generates the message when `WP_DEBUG` is true. * * @since 6.4.0 * * @param string $function_name The function that triggered the error. * @param string $message The message explaining the error. * The message can contain allowed HTML 'a' (with href), 'code', * 'br', 'em', and 'strong' tags and http or https protocols. * If it contains other HTML tags or protocols, the message should be escaped * before passing to this function to avoid being stripped {@see wp_kses()}. * @param int $error_level Optional. The designated error type for this error. * Only works with E_USER family of constants. Default E_USER_NOTICE. */ function wp_trigger_error( $function_name, $message, $error_level = E_USER_NOTICE ) { // Bail out if WP_DEBUG is not turned on. if ( ! WP_DEBUG ) { return; } /** * Fires when the given function triggers a user-level error/warning/notice/deprecation message. * * Can be used for debug backtracking. * * @since 6.4.0 * * @param string $function_name The function that was called. * @param string $message A message explaining what has been done incorrectly. * @param int $error_level The designated error type for this error. */ do_action( 'wp_trigger_error_run', $function_name, $message, $error_level ); if ( ! empty( $function_name ) ) { $message = sprintf( '%s(): %s', $function_name, $message ); } $message = wp_kses( $message, array( 'a' => array( 'href' => true ), 'br' => array(), 'code' => array(), 'em' => array(), 'strong' => array(), ), array( 'http', 'https' ) ); if ( E_USER_ERROR === $error_level ) { throw new WP_Exception( $message ); } trigger_error( $message, $error_level ); } /** * Determines whether the server is running an earlier than 1.5.0 version of lighttpd. * * @since 2.5.0 * * @return bool Whether the server is running lighttpd < 1.5.0. */ function is_lighttpd_before_150() { $server_parts = explode( '/', isset( $_SERVER['SERVER_SOFTWARE'] ) ? $_SERVER['SERVER_SOFTWARE'] : '' ); $server_parts[1] = isset( $server_parts[1] ) ? $server_parts[1] : ''; return ( 'lighttpd' === $server_parts[0] && -1 === version_compare( $server_parts[1], '1.5.0' ) ); } /** * Determines whether the specified module exist in the Apache config. * * @since 2.5.0 * * @global bool $is_apache * * @param string $mod The module, e.g. mod_rewrite. * @param bool $default_value Optional. The default return value if the module is not found. Default false. * @return bool Whether the specified module is loaded. */ function apache_mod_loaded( $mod, $default_value = false ) { global $is_apache; if ( ! $is_apache ) { return false; } $loaded_mods = array(); if ( function_exists( 'apache_get_modules' ) ) { $loaded_mods = apache_get_modules(); if ( in_array( $mod, $loaded_mods, true ) ) { return true; } } if ( empty( $loaded_mods ) && function_exists( 'phpinfo' ) && ! str_contains( ini_get( 'disable_functions' ), 'phpinfo' ) ) { ob_start(); phpinfo( INFO_MODULES ); $phpinfo = ob_get_clean(); if ( str_contains( $phpinfo, $mod ) ) { return true; } } return $default_value; } /** * Checks if IIS 7+ supports pretty permalinks. * * @since 2.8.0 * * @global bool $is_iis7 * * @return bool Whether IIS7 supports permalinks. */ function iis7_supports_permalinks() { global $is_iis7; $supports_permalinks = false; if ( $is_iis7 ) { /* First we check if the DOMDocument class exists. If it does not exist, then we cannot * easily update the xml configuration file, hence we just bail out and tell user that * pretty permalinks cannot be used. * * Next we check if the URL Rewrite Module 1.1 is loaded and enabled for the website. When * URL Rewrite 1.1 is loaded it always sets a server variable called 'IIS_UrlRewriteModule'. * Lastly we make sure that PHP is running via FastCGI. This is important because if it runs * via ISAPI then pretty permalinks will not work. */ $supports_permalinks = class_exists( 'DOMDocument', false ) && isset( $_SERVER['IIS_UrlRewriteModule'] ) && ( 'cgi-fcgi' === PHP_SAPI ); } /** * Filters whether IIS 7+ supports pretty permalinks. * * @since 2.8.0 * * @param bool $supports_permalinks Whether IIS7 supports permalinks. Default false. */ return apply_filters( 'iis7_supports_permalinks', $supports_permalinks ); } /** * Validates a file name and path against an allowed set of rules. * * A return value of `1` means the file path contains directory traversal. * * A return value of `2` means the file path contains a Windows drive path. * * A return value of `3` means the file is not in the allowed files list. * * @since 1.2.0 * * @param string $file File path. * @param string[] $allowed_files Optional. Array of allowed files. Default empty array. * @return int 0 means nothing is wrong, greater than 0 means something was wrong. */ function validate_file( $file, $allowed_files = array() ) { if ( ! is_scalar( $file ) || '' === $file ) { return 0; } // Normalize path for Windows servers. $file = wp_normalize_path( $file ); // Normalize path for $allowed_files as well so it's an apples to apples comparison. $allowed_files = array_map( 'wp_normalize_path', $allowed_files ); // `../` on its own is not allowed: if ( '../' === $file ) { return 1; } // More than one occurrence of `../` is not allowed: if ( preg_match_all( '#\.\./#', $file, $matches, PREG_SET_ORDER ) && ( count( $matches ) > 1 ) ) { return 1; } // `../` which does not occur at the end of the path is not allowed: if ( str_contains( $file, '../' ) && '../' !== mb_substr( $file, -3, 3 ) ) { return 1; } // Files not in the allowed file list are not allowed: if ( ! empty( $allowed_files ) && ! in_array( $file, $allowed_files, true ) ) { return 3; } // Absolute Windows drive paths are not allowed: if ( ':' === substr( $file, 1, 1 ) ) { return 2; } return 0; } /** * Determines whether to force SSL used for the Administration Screens. * * @since 2.6.0 * * @param string|bool|null $force Optional. Whether to force SSL in admin screens. Default null. * @return bool True if forced, false if not forced. */ function force_ssl_admin( $force = null ) { static $forced = false; if ( ! is_null( $force ) ) { $old_forced = $forced; $forced = (bool) $force; return $old_forced; } return $forced; } /** * Guesses the URL for the site. * * Will remove wp-admin links to retrieve only return URLs not in the wp-admin * directory. * * @since 2.6.0 * * @return string The guessed URL. */ function wp_guess_url() { if ( defined( 'WP_SITEURL' ) && '' !== WP_SITEURL ) { $url = WP_SITEURL; } else { $abspath_fix = str_replace( '\\', '/', ABSPATH ); $script_filename_dir = dirname( $_SERVER['SCRIPT_FILENAME'] ); // The request is for the admin. if ( str_contains( $_SERVER['REQUEST_URI'], 'wp-admin' ) || str_contains( $_SERVER['REQUEST_URI'], 'wp-login.php' ) ) { $path = preg_replace( '#/(wp-admin/?.*|wp-login\.php.*)#i', '', $_SERVER['REQUEST_URI'] ); // The request is for a file in ABSPATH. } elseif ( $script_filename_dir . '/' === $abspath_fix ) { // Strip off any file/query params in the path. $path = preg_replace( '#/[^/]*$#i', '', $_SERVER['PHP_SELF'] ); } else { if ( str_contains( $_SERVER['SCRIPT_FILENAME'], $abspath_fix ) ) { // Request is hitting a file inside ABSPATH. $directory = str_replace( ABSPATH, '', $script_filename_dir ); // Strip off the subdirectory, and any file/query params. $path = preg_replace( '#/' . preg_quote( $directory, '#' ) . '/[^/]*$#i', '', $_SERVER['REQUEST_URI'] ); } elseif ( str_contains( $abspath_fix, $script_filename_dir ) ) { // Request is hitting a file above ABSPATH. $subdirectory = substr( $abspath_fix, strpos( $abspath_fix, $script_filename_dir ) + strlen( $script_filename_dir ) ); // Strip off any file/query params from the path, appending the subdirectory to the installation. $path = preg_replace( '#/[^/]*$#i', '', $_SERVER['REQUEST_URI'] ) . $subdirectory; } else { $path = $_SERVER['REQUEST_URI']; } } $schema = is_ssl() ? 'https://' : 'http://'; // set_url_scheme() is not defined yet. $url = $schema . $_SERVER['HTTP_HOST'] . $path; } return rtrim( $url, '/' ); } /** * Temporarily suspends cache additions. * * Stops more data being added to the cache, but still allows cache retrieval. * This is useful for actions, such as imports, when a lot of data would otherwise * be almost uselessly added to the cache. * * Suspension lasts for a single page load at most. Remember to call this * function again if you wish to re-enable cache adds earlier. * * @since 3.3.0 * * @param bool $suspend Optional. Suspends additions if true, re-enables them if false. * Defaults to not changing the current setting. * @return bool The current suspend setting. */ function wp_suspend_cache_addition( $suspend = null ) { static $_suspend = false; if ( is_bool( $suspend ) ) { $_suspend = $suspend; } return $_suspend; } /** * Suspends cache invalidation. * * Turns cache invalidation on and off. Useful during imports where you don't want to do * invalidations every time a post is inserted. Callers must be sure that what they are * doing won't lead to an inconsistent cache when invalidation is suspended. * * @since 2.7.0 * * @global bool $_wp_suspend_cache_invalidation * * @param bool $suspend Optional. Whether to suspend or enable cache invalidation. Default true. * @return bool The current suspend setting. */ function wp_suspend_cache_invalidation( $suspend = true ) { global $_wp_suspend_cache_invalidation; $current_suspend = $_wp_suspend_cache_invalidation; $_wp_suspend_cache_invalidation = $suspend; return $current_suspend; } /** * Determines whether a site is the main site of the current network. * * @since 3.0.0 * @since 4.9.0 The `$network_id` parameter was added. * * @param int $site_id Optional. Site ID to test. Defaults to current site. * @param int $network_id Optional. Network ID of the network to check for. * Defaults to current network. * @return bool True if $site_id is the main site of the network, or if not * running Multisite. */ function is_main_site( $site_id = null, $network_id = null ) { if ( ! is_multisite() ) { return true; } if ( ! $site_id ) { $site_id = get_current_blog_id(); } $site_id = (int) $site_id; return get_main_site_id( $network_id ) === $site_id; } /** * Gets the main site ID. * * @since 4.9.0 * * @param int $network_id Optional. The ID of the network for which to get the main site. * Defaults to the current network. * @return int The ID of the main site. */ function get_main_site_id( $network_id = null ) { if ( ! is_multisite() ) { return get_current_blog_id(); } $network = get_network( $network_id ); if ( ! $network ) { return 0; } return $network->site_id; } /** * Determines whether a network is the main network of the Multisite installation. * * @since 3.7.0 * * @param int $network_id Optional. Network ID to test. Defaults to current network. * @return bool True if $network_id is the main network, or if not running Multisite. */ function is_main_network( $network_id = null ) { if ( ! is_multisite() ) { return true; } if ( null === $network_id ) { $network_id = get_current_network_id(); } $network_id = (int) $network_id; return ( get_main_network_id() === $network_id ); } /** * Gets the main network ID. * * @since 4.3.0 * * @return int The ID of the main network. */ function get_main_network_id() { if ( ! is_multisite() ) { return 1; } $current_network = get_network(); if ( defined( 'PRIMARY_NETWORK_ID' ) ) { $main_network_id = PRIMARY_NETWORK_ID; } elseif ( isset( $current_network->id ) && 1 === (int) $current_network->id ) { // If the current network has an ID of 1, assume it is the main network. $main_network_id = 1; } else { $_networks = get_networks( array( 'fields' => 'ids', 'number' => 1, ) ); $main_network_id = array_shift( $_networks ); } /** * Filters the main network ID. * * @since 4.3.0 * * @param int $main_network_id The ID of the main network. */ return (int) apply_filters( 'get_main_network_id', $main_network_id ); } /** * Determines whether site meta is enabled. * * This function checks whether the 'blogmeta' database table exists. The result is saved as * a setting for the main network, making it essentially a global setting. Subsequent requests * will refer to this setting instead of running the query. * * @since 5.1.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @return bool True if site meta is supported, false otherwise. */ function is_site_meta_supported() { global $wpdb; if ( ! is_multisite() ) { return false; } $network_id = get_main_network_id(); $supported = get_network_option( $network_id, 'site_meta_supported', false ); if ( false === $supported ) { $supported = $wpdb->get_var( "SHOW TABLES LIKE '{$wpdb->blogmeta}'" ) ? 1 : 0; update_network_option( $network_id, 'site_meta_supported', $supported ); } return (bool) $supported; } /** * Modifies gmt_offset for smart timezone handling. * * Overrides the gmt_offset option if we have a timezone_string available. * * @since 2.8.0 * * @return float|false Timezone GMT offset, false otherwise. */ function wp_timezone_override_offset() { $timezone_string = get_option( 'timezone_string' ); if ( ! $timezone_string ) { return false; } $timezone_object = timezone_open( $timezone_string ); $datetime_object = date_create(); if ( false === $timezone_object || false === $datetime_object ) { return false; } return round( timezone_offset_get( $timezone_object, $datetime_object ) / HOUR_IN_SECONDS, 2 ); } /** * Sort-helper for timezones. * * @since 2.9.0 * @access private * * @param array $a * @param array $b * @return int */ function _wp_timezone_choice_usort_callback( $a, $b ) { // Don't use translated versions of Etc. if ( 'Etc' === $a['continent'] && 'Etc' === $b['continent'] ) { // Make the order of these more like the old dropdown. if ( str_starts_with( $a['city'], 'GMT+' ) && str_starts_with( $b['city'], 'GMT+' ) ) { return -1 * ( strnatcasecmp( $a['city'], $b['city'] ) ); } if ( 'UTC' === $a['city'] ) { if ( str_starts_with( $b['city'], 'GMT+' ) ) { return 1; } return -1; } if ( 'UTC' === $b['city'] ) { if ( str_starts_with( $a['city'], 'GMT+' ) ) { return -1; } return 1; } return strnatcasecmp( $a['city'], $b['city'] ); } if ( $a['t_continent'] === $b['t_continent'] ) { if ( $a['t_city'] === $b['t_city'] ) { return strnatcasecmp( $a['t_subcity'], $b['t_subcity'] ); } return strnatcasecmp( $a['t_city'], $b['t_city'] ); } else { // Force Etc to the bottom of the list. if ( 'Etc' === $a['continent'] ) { return 1; } if ( 'Etc' === $b['continent'] ) { return -1; } return strnatcasecmp( $a['t_continent'], $b['t_continent'] ); } } /** * Gives a nicely-formatted list of timezone strings. * * @since 2.9.0 * @since 4.7.0 Added the `$locale` parameter. * * @param string $selected_zone Selected timezone. * @param string $locale Optional. Locale to load the timezones in. Default current site locale. * @return string */ function wp_timezone_choice( $selected_zone, $locale = null ) { static $mo_loaded = false, $locale_loaded = null; $continents = array( 'Africa', 'America', 'Antarctica', 'Arctic', 'Asia', 'Atlantic', 'Australia', 'Europe', 'Indian', 'Pacific' ); // Load translations for continents and cities. if ( ! $mo_loaded || $locale !== $locale_loaded ) { $locale_loaded = $locale ? $locale : get_locale(); $mofile = WP_LANG_DIR . '/continents-cities-' . $locale_loaded . '.mo'; unload_textdomain( 'continents-cities', true ); load_textdomain( 'continents-cities', $mofile, $locale_loaded ); $mo_loaded = true; } $tz_identifiers = timezone_identifiers_list(); $zonen = array(); foreach ( $tz_identifiers as $zone ) { $zone = explode( '/', $zone ); if ( ! in_array( $zone[0], $continents, true ) ) { continue; } // This determines what gets set and translated - we don't translate Etc/* strings here, they are done later. $exists = array( 0 => ( isset( $zone[0] ) && $zone[0] ), 1 => ( isset( $zone[1] ) && $zone[1] ), 2 => ( isset( $zone[2] ) && $zone[2] ), ); $exists[3] = ( $exists[0] && 'Etc' !== $zone[0] ); $exists[4] = ( $exists[1] && $exists[3] ); $exists[5] = ( $exists[2] && $exists[3] ); // phpcs:disable WordPress.WP.I18n.LowLevelTranslationFunction,WordPress.WP.I18n.NonSingularStringLiteralText $zonen[] = array( 'continent' => ( $exists[0] ? $zone[0] : '' ), 'city' => ( $exists[1] ? $zone[1] : '' ), 'subcity' => ( $exists[2] ? $zone[2] : '' ), 't_continent' => ( $exists[3] ? translate( str_replace( '_', ' ', $zone[0] ), 'continents-cities' ) : '' ), 't_city' => ( $exists[4] ? translate( str_replace( '_', ' ', $zone[1] ), 'continents-cities' ) : '' ), 't_subcity' => ( $exists[5] ? translate( str_replace( '_', ' ', $zone[2] ), 'continents-cities' ) : '' ), ); // phpcs:enable } usort( $zonen, '_wp_timezone_choice_usort_callback' ); $structure = array(); if ( empty( $selected_zone ) ) { $structure[] = '<option selected="selected" value="">' . __( 'Select a city' ) . '</option>'; } // If this is a deprecated, but valid, timezone string, display it at the top of the list as-is. if ( in_array( $selected_zone, $tz_identifiers, true ) === false && in_array( $selected_zone, timezone_identifiers_list( DateTimeZone::ALL_WITH_BC ), true ) ) { $structure[] = '<option selected="selected" value="' . esc_attr( $selected_zone ) . '">' . esc_html( $selected_zone ) . '</option>'; } foreach ( $zonen as $key => $zone ) { // Build value in an array to join later. $value = array( $zone['continent'] ); if ( empty( $zone['city'] ) ) { // It's at the continent level (generally won't happen). $display = $zone['t_continent']; } else { // It's inside a continent group. // Continent optgroup. if ( ! isset( $zonen[ $key - 1 ] ) || $zonen[ $key - 1 ]['continent'] !== $zone['continent'] ) { $label = $zone['t_continent']; $structure[] = '<optgroup label="' . esc_attr( $label ) . '">'; } // Add the city to the value. $value[] = $zone['city']; $display = $zone['t_city']; if ( ! empty( $zone['subcity'] ) ) { // Add the subcity to the value. $value[] = $zone['subcity']; $display .= ' - ' . $zone['t_subcity']; } } // Build the value. $value = implode( '/', $value ); $selected = ''; if ( $value === $selected_zone ) { $selected = 'selected="selected" '; } $structure[] = '<option ' . $selected . 'value="' . esc_attr( $value ) . '">' . esc_html( $display ) . '</option>'; // Close continent optgroup. if ( ! empty( $zone['city'] ) && ( ! isset( $zonen[ $key + 1 ] ) || ( isset( $zonen[ $key + 1 ] ) && $zonen[ $key + 1 ]['continent'] !== $zone['continent'] ) ) ) { $structure[] = '</optgroup>'; } } // Do UTC. $structure[] = '<optgroup label="' . esc_attr__( 'UTC' ) . '">'; $selected = ''; if ( 'UTC' === $selected_zone ) { $selected = 'selected="selected" '; } $structure[] = '<option ' . $selected . 'value="' . esc_attr( 'UTC' ) . '">' . __( 'UTC' ) . '</option>'; $structure[] = '</optgroup>'; // Do manual UTC offsets. $structure[] = '<optgroup label="' . esc_attr__( 'Manual Offsets' ) . '">'; $offset_range = array( -12, -11.5, -11, -10.5, -10, -9.5, -9, -8.5, -8, -7.5, -7, -6.5, -6, -5.5, -5, -4.5, -4, -3.5, -3, -2.5, -2, -1.5, -1, -0.5, 0, 0.5, 1, 1.5, 2, 2.5, 3, 3.5, 4, 4.5, 5, 5.5, 5.75, 6, 6.5, 7, 7.5, 8, 8.5, 8.75, 9, 9.5, 10, 10.5, 11, 11.5, 12, 12.75, 13, 13.75, 14, ); foreach ( $offset_range as $offset ) { if ( 0 <= $offset ) { $offset_name = '+' . $offset; } else { $offset_name = (string) $offset; } $offset_value = $offset_name; $offset_name = str_replace( array( '.25', '.5', '.75' ), array( ':15', ':30', ':45' ), $offset_name ); $offset_name = 'UTC' . $offset_name; $offset_value = 'UTC' . $offset_value; $selected = ''; if ( $offset_value === $selected_zone ) { $selected = 'selected="selected" '; } $structure[] = '<option ' . $selected . 'value="' . esc_attr( $offset_value ) . '">' . esc_html( $offset_name ) . '</option>'; } $structure[] = '</optgroup>'; return implode( "\n", $structure ); } /** * Strips close comment and close php tags from file headers used by WP. * * @since 2.8.0 * @access private * * @see https://core.trac.wordpress.org/ticket/8497 * * @param string $str Header comment to clean up. * @return string */ function _cleanup_header_comment( $str ) { return trim( preg_replace( '/\s*(?:\*\/|\?>).*/', '', $str ) ); } /** * Permanently deletes comments or posts of any type that have held a status * of 'trash' for the number of days defined in EMPTY_TRASH_DAYS. * * The default value of `EMPTY_TRASH_DAYS` is 30 (days). * * @since 2.9.0 * * @global wpdb $wpdb WordPress database abstraction object. */ function wp_scheduled_delete() { global $wpdb; $delete_timestamp = time() - ( DAY_IN_SECONDS * EMPTY_TRASH_DAYS ); $posts_to_delete = $wpdb->get_results( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE meta_key = '_wp_trash_meta_time' AND meta_value < %d", $delete_timestamp ), ARRAY_A ); foreach ( (array) $posts_to_delete as $post ) { $post_id = (int) $post['post_id']; if ( ! $post_id ) { continue; } $del_post = get_post( $post_id ); if ( ! $del_post || 'trash' !== $del_post->post_status ) { delete_post_meta( $post_id, '_wp_trash_meta_status' ); delete_post_meta( $post_id, '_wp_trash_meta_time' ); } else { wp_delete_post( $post_id ); } } $comments_to_delete = $wpdb->get_results( $wpdb->prepare( "SELECT comment_id FROM $wpdb->commentmeta WHERE meta_key = '_wp_trash_meta_time' AND meta_value < %d", $delete_timestamp ), ARRAY_A ); foreach ( (array) $comments_to_delete as $comment ) { $comment_id = (int) $comment['comment_id']; if ( ! $comment_id ) { continue; } $del_comment = get_comment( $comment_id ); if ( ! $del_comment || 'trash' !== $del_comment->comment_approved ) { delete_comment_meta( $comment_id, '_wp_trash_meta_time' ); delete_comment_meta( $comment_id, '_wp_trash_meta_status' ); } else { wp_delete_comment( $del_comment ); } } } /** * Retrieves metadata from a file. * * Searches for metadata in the first 8 KB of a file, such as a plugin or theme. * Each piece of metadata must be on its own line. Fields can not span multiple * lines, the value will get cut at the end of the first line. * * If the file data is not within that first 8 KB, then the author should correct * their plugin file and move the data headers to the top. * * @link https://codex.wordpress.org/File_Header * * @since 2.9.0 * * @param string $file Absolute path to the file. * @param array $default_headers List of headers, in the format `array( 'HeaderKey' => 'Header Name' )`. * @param string $context Optional. If specified adds filter hook {@see 'extra_$context_headers'}. * Default empty string. * @return string[] Array of file header values keyed by header name. */ function get_file_data( $file, $default_headers, $context = '' ) { // Pull only the first 8 KB of the file in. $file_data = file_get_contents( $file, false, null, 0, 8 * KB_IN_BYTES ); if ( false === $file_data ) { $file_data = ''; } // Make sure we catch CR-only line endings. $file_data = str_replace( "\r", "\n", $file_data ); /** * Filters extra file headers by context. * * The dynamic portion of the hook name, `$context`, refers to * the context where extra headers might be loaded. * * @since 2.9.0 * * @param array $extra_context_headers Empty array by default. */ $extra_headers = $context ? apply_filters( "extra_{$context}_headers", array() ) : array(); if ( $extra_headers ) { $extra_headers = array_combine( $extra_headers, $extra_headers ); // Keys equal values. $all_headers = array_merge( $extra_headers, (array) $default_headers ); } else { $all_headers = $default_headers; } foreach ( $all_headers as $field => $regex ) { if ( preg_match( '/^(?:[ \t]*<\?php)?[ \t\/*#@]*' . preg_quote( $regex, '/' ) . ':(.*)$/mi', $file_data, $match ) && $match[1] ) { $all_headers[ $field ] = _cleanup_header_comment( $match[1] ); } else { $all_headers[ $field ] = ''; } } return $all_headers; } /** * Returns true. * * Useful for returning true to filters easily. * * @since 3.0.0 * * @see __return_false() * * @return true True. */ function __return_true() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionDoubleUnderscore,PHPCompatibility.FunctionNameRestrictions.ReservedFunctionNames.FunctionDoubleUnderscore return true; } /** * Returns false. * * Useful for returning false to filters easily. * * @since 3.0.0 * * @see __return_true() * * @return false False. */ function __return_false() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionDoubleUnderscore,PHPCompatibility.FunctionNameRestrictions.ReservedFunctionNames.FunctionDoubleUnderscore return false; } /** * Returns 0. * * Useful for returning 0 to filters easily. * * @since 3.0.0 * * @return int 0. */ function __return_zero() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionDoubleUnderscore,PHPCompatibility.FunctionNameRestrictions.ReservedFunctionNames.FunctionDoubleUnderscore return 0; } /** * Returns an empty array. * * Useful for returning an empty array to filters easily. * * @since 3.0.0 * * @return array Empty array. */ function __return_empty_array() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionDoubleUnderscore,PHPCompatibility.FunctionNameRestrictions.ReservedFunctionNames.FunctionDoubleUnderscore return array(); } /** * Returns null. * * Useful for returning null to filters easily. * * @since 3.4.0 * * @return null Null value. */ function __return_null() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionDoubleUnderscore,PHPCompatibility.FunctionNameRestrictions.ReservedFunctionNames.FunctionDoubleUnderscore return null; } /** * Returns an empty string. * * Useful for returning an empty string to filters easily. * * @since 3.7.0 * * @see __return_null() * * @return string Empty string. */ function __return_empty_string() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionDoubleUnderscore,PHPCompatibility.FunctionNameRestrictions.ReservedFunctionNames.FunctionDoubleUnderscore return ''; } /** * Sends a HTTP header to disable content type sniffing in browsers which support it. * * @since 3.0.0 * * @see https://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx * @see https://src.chromium.org/viewvc/chrome?view=rev&revision=6985 */ function send_nosniff_header() { header( 'X-Content-Type-Options: nosniff' ); } /** * Returns a MySQL expression for selecting the week number based on the start_of_week option. * * @ignore * @since 3.0.0 * * @param string $column Database column. * @return string SQL clause. */ function _wp_mysql_week( $column ) { $start_of_week = (int) get_option( 'start_of_week' ); switch ( $start_of_week ) { case 1: return "WEEK( $column, 1 )"; case 2: case 3: case 4: case 5: case 6: return "WEEK( DATE_SUB( $column, INTERVAL $start_of_week DAY ), 0 )"; case 0: default: return "WEEK( $column, 0 )"; } } /** * Finds hierarchy loops using a callback function that maps object IDs to parent IDs. * * @since 3.1.0 * @access private * * @param callable $callback Function that accepts ( ID, $callback_args ) and outputs parent_ID. * @param int $start The ID to start the loop check at. * @param int $start_parent The parent_ID of $start to use instead of calling $callback( $start ). * Use null to always use $callback. * @param array $callback_args Optional. Additional arguments to send to $callback. Default empty array. * @return array IDs of all members of loop. */ function wp_find_hierarchy_loop( $callback, $start, $start_parent, $callback_args = array() ) { $override = is_null( $start_parent ) ? array() : array( $start => $start_parent ); $arbitrary_loop_member = wp_find_hierarchy_loop_tortoise_hare( $callback, $start, $override, $callback_args ); if ( ! $arbitrary_loop_member ) { return array(); } return wp_find_hierarchy_loop_tortoise_hare( $callback, $arbitrary_loop_member, $override, $callback_args, true ); } /** * Uses the "The Tortoise and the Hare" algorithm to detect loops. * * For every step of the algorithm, the hare takes two steps and the tortoise one. * If the hare ever laps the tortoise, there must be a loop. * * @since 3.1.0 * @access private * * @param callable $callback Function that accepts ( ID, callback_arg, ... ) and outputs parent_ID. * @param int $start The ID to start the loop check at. * @param array $override Optional. An array of ( ID => parent_ID, ... ) to use instead of $callback. * Default empty array. * @param array $callback_args Optional. Additional arguments to send to $callback. Default empty array. * @param bool $_return_loop Optional. Return loop members or just detect presence of loop? Only set * to true if you already know the given $start is part of a loop (otherwise * the returned array might include branches). Default false. * @return mixed Scalar ID of some arbitrary member of the loop, or array of IDs of all members of loop if * $_return_loop */ function wp_find_hierarchy_loop_tortoise_hare( $callback, $start, $override = array(), $callback_args = array(), $_return_loop = false ) { $tortoise = $start; $hare = $start; $evanescent_hare = $start; $return = array(); // Set evanescent_hare to one past hare. Increment hare two steps. while ( $tortoise && ( $evanescent_hare = isset( $override[ $hare ] ) ? $override[ $hare ] : call_user_func_array( $callback, array_merge( array( $hare ), $callback_args ) ) ) && ( $hare = isset( $override[ $evanescent_hare ] ) ? $override[ $evanescent_hare ] : call_user_func_array( $callback, array_merge( array( $evanescent_hare ), $callback_args ) ) ) ) { if ( $_return_loop ) { $return[ $tortoise ] = true; $return[ $evanescent_hare ] = true; $return[ $hare ] = true; } // Tortoise got lapped - must be a loop. if ( $tortoise === $evanescent_hare || $tortoise === $hare ) { return $_return_loop ? $return : $tortoise; } // Increment tortoise by one step. $tortoise = isset( $override[ $tortoise ] ) ? $override[ $tortoise ] : call_user_func_array( $callback, array_merge( array( $tortoise ), $callback_args ) ); } return false; } /** * Sends a HTTP header to limit rendering of pages to same origin iframes. * * @since 3.1.3 * * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/frame-ancestors */ function send_frame_options_header() { if ( ! headers_sent() ) { header( 'X-Frame-Options: SAMEORIGIN' ); header( "Content-Security-Policy: frame-ancestors 'self';" ); } } /** * Sends a referrer policy header so referrers are not sent externally from administration screens. * * @since 4.9.0 * @since 6.8.0 This function was moved from `wp-admin/includes/misc.php` to `wp-includes/functions.php`. */ function wp_admin_headers() { $policy = 'strict-origin-when-cross-origin'; /** * Filters the admin referrer policy header value. * * @since 4.9.0 * @since 4.9.5 The default value was changed to 'strict-origin-when-cross-origin'. * * @link https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Referrer-Policy * * @param string $policy The admin referrer policy header value. Default 'strict-origin-when-cross-origin'. */ $policy = apply_filters( 'admin_referrer_policy', $policy ); header( sprintf( 'Referrer-Policy: %s', $policy ) ); } /** * Retrieves a list of protocols to allow in HTML attributes. * * @since 3.3.0 * @since 4.3.0 Added 'webcal' to the protocols array. * @since 4.7.0 Added 'urn' to the protocols array. * @since 5.3.0 Added 'sms' to the protocols array. * @since 5.6.0 Added 'irc6' and 'ircs' to the protocols array. * * @see wp_kses() * @see esc_url() * * @return string[] Array of allowed protocols. Defaults to an array containing 'http', 'https', * 'ftp', 'ftps', 'mailto', 'news', 'irc', 'irc6', 'ircs', 'gopher', 'nntp', 'feed', * 'telnet', 'mms', 'rtsp', 'sms', 'svn', 'tel', 'fax', 'xmpp', 'webcal', and 'urn'. * This covers all common link protocols, except for 'javascript' which should not * be allowed for untrusted users. */ function wp_allowed_protocols() { static $protocols = array(); if ( empty( $protocols ) ) { $protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'irc6', 'ircs', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'sms', 'svn', 'tel', 'fax', 'xmpp', 'webcal', 'urn' ); } if ( ! did_action( 'wp_loaded' ) ) { /** * Filters the list of protocols allowed in HTML attributes. * * @since 3.0.0 * * @param string[] $protocols Array of allowed protocols e.g. 'http', 'ftp', 'tel', and more. */ $protocols = array_unique( (array) apply_filters( 'kses_allowed_protocols', $protocols ) ); } return $protocols; } /** * Returns a comma-separated string or array of functions that have been called to get * to the current point in code. * * @since 3.4.0 * * @see https://core.trac.wordpress.org/ticket/19589 * * @param string $ignore_class Optional. A class to ignore all function calls within - useful * when you want to just give info about the callee. Default null. * @param int $skip_frames Optional. A number of stack frames to skip - useful for unwinding * back to the source of the issue. Default 0. * @param bool $pretty Optional. Whether you want a comma separated string instead of * the raw array returned. Default true. * @return string|array Either a string containing a reversed comma separated trace or an array * of individual calls. */ function wp_debug_backtrace_summary( $ignore_class = null, $skip_frames = 0, $pretty = true ) { static $truncate_paths; $trace = debug_backtrace( false ); $caller = array(); $check_class = ! is_null( $ignore_class ); ++$skip_frames; // Skip this function. if ( ! isset( $truncate_paths ) ) { $truncate_paths = array( wp_normalize_path( WP_CONTENT_DIR ), wp_normalize_path( ABSPATH ), ); } foreach ( $trace as $call ) { if ( $skip_frames > 0 ) { --$skip_frames; } elseif ( isset( $call['class'] ) ) { if ( $check_class && $ignore_class === $call['class'] ) { continue; // Filter out calls. } $caller[] = "{$call['class']}{$call['type']}{$call['function']}"; } else { if ( in_array( $call['function'], array( 'do_action', 'apply_filters', 'do_action_ref_array', 'apply_filters_ref_array' ), true ) ) { $caller[] = "{$call['function']}('{$call['args'][0]}')"; } elseif ( in_array( $call['function'], array( 'include', 'include_once', 'require', 'require_once' ), true ) ) { $filename = isset( $call['args'][0] ) ? $call['args'][0] : ''; $caller[] = $call['function'] . "('" . str_replace( $truncate_paths, '', wp_normalize_path( $filename ) ) . "')"; } else { $caller[] = $call['function']; } } } if ( $pretty ) { return implode( ', ', array_reverse( $caller ) ); } else { return $caller; } } /** * Retrieves IDs that are not already present in the cache. * * @since 3.4.0 * @since 6.1.0 This function is no longer marked as "private". * * @param int[] $object_ids Array of IDs. * @param string $cache_group The cache group to check against. * @return int[] Array of IDs not present in the cache. */ function _get_non_cached_ids( $object_ids, $cache_group ) { $object_ids = array_filter( $object_ids, '_validate_cache_id' ); $object_ids = array_unique( array_map( 'intval', $object_ids ), SORT_NUMERIC ); if ( empty( $object_ids ) ) { return array(); } $non_cached_ids = array(); $cache_values = wp_cache_get_multiple( $object_ids, $cache_group ); foreach ( $cache_values as $id => $value ) { if ( false === $value ) { $non_cached_ids[] = (int) $id; } } return $non_cached_ids; } /** * Checks whether the given cache ID is either an integer or an integer-like string. * * Both `16` and `"16"` are considered valid, other numeric types and numeric strings * (`16.3` and `"16.3"`) are considered invalid. * * @since 6.3.0 * * @param mixed $object_id The cache ID to validate. * @return bool Whether the given $object_id is a valid cache ID. */ function _validate_cache_id( $object_id ) { /* * filter_var() could be used here, but the `filter` PHP extension * is considered optional and may not be available. */ if ( is_int( $object_id ) || ( is_string( $object_id ) && (string) (int) $object_id === $object_id ) ) { return true; } /* translators: %s: The type of the given object ID. */ $message = sprintf( __( 'Object ID must be an integer, %s given.' ), gettype( $object_id ) ); _doing_it_wrong( '_get_non_cached_ids', $message, '6.3.0' ); return false; } /** * Tests if the current device has the capability to upload files. * * @since 3.4.0 * @access private * * @return bool Whether the device is able to upload files. */ function _device_can_upload() { if ( ! wp_is_mobile() ) { return true; } $ua = $_SERVER['HTTP_USER_AGENT']; if ( str_contains( $ua, 'iPhone' ) || str_contains( $ua, 'iPad' ) || str_contains( $ua, 'iPod' ) ) { return preg_match( '#OS ([\d_]+) like Mac OS X#', $ua, $version ) && version_compare( $version[1], '6', '>=' ); } return true; } /** * Tests if a given path is a stream URL * * @since 3.5.0 * * @param string $path The resource path or URL. * @return bool True if the path is a stream URL. */ function wp_is_stream( $path ) { $scheme_separator = strpos( $path, '://' ); if ( false === $scheme_separator ) { // $path isn't a stream. return false; } $stream = substr( $path, 0, $scheme_separator ); return in_array( $stream, stream_get_wrappers(), true ); } /** * Tests if the supplied date is valid for the Gregorian calendar. * * @since 3.5.0 * * @link https://www.php.net/manual/en/function.checkdate.php * * @param int $month Month number. * @param int $day Day number. * @param int $year Year number. * @param string $source_date The date to filter. * @return bool True if valid date, false if not valid date. */ function wp_checkdate( $month, $day, $year, $source_date ) { $checkdate = false; if ( is_numeric( $month ) && is_numeric( $day ) && is_numeric( $year ) ) { $checkdate = checkdate( (int) $month, (int) $day, (int) $year ); } /** * Filters whether the given date is valid for the Gregorian calendar. * * @since 3.5.0 * * @param bool $checkdate Whether the given date is valid. * @param string $source_date Date to check. */ return apply_filters( 'wp_checkdate', $checkdate, $source_date ); } /** * Loads the auth check for monitoring whether the user is still logged in. * * Can be disabled with remove_action( 'admin_enqueue_scripts', 'wp_auth_check_load' ); * * This is disabled for certain screens where a login screen could cause an * inconvenient interruption. A filter called {@see 'wp_auth_check_load'} can be used * for fine-grained control. * * @since 3.6.0 */ function wp_auth_check_load() { if ( ! is_admin() && ! is_user_logged_in() ) { return; } if ( defined( 'IFRAME_REQUEST' ) ) { return; } $screen = get_current_screen(); $hidden = array( 'update', 'update-network', 'update-core', 'update-core-network', 'upgrade', 'upgrade-network', 'network' ); $show = ! in_array( $screen->id, $hidden, true ); /** * Filters whether to load the authentication check. * * Returning a falsey value from the filter will effectively short-circuit * loading the authentication check. * * @since 3.6.0 * * @param bool $show Whether to load the authentication check. * @param WP_Screen $screen The current screen object. */ if ( apply_filters( 'wp_auth_check_load', $show, $screen ) ) { wp_enqueue_style( 'wp-auth-check' ); wp_enqueue_script( 'wp-auth-check' ); add_action( 'admin_print_footer_scripts', 'wp_auth_check_html', 5 ); add_action( 'wp_print_footer_scripts', 'wp_auth_check_html', 5 ); } } /** * Outputs the HTML that shows the wp-login dialog when the user is no longer logged in. * * @since 3.6.0 */ function wp_auth_check_html() { $login_url = wp_login_url(); $current_domain = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST']; $same_domain = str_starts_with( $login_url, $current_domain ); /** * Filters whether the authentication check originated at the same domain. * * @since 3.6.0 * * @param bool $same_domain Whether the authentication check originated at the same domain. */ $same_domain = apply_filters( 'wp_auth_check_same_domain', $same_domain ); $wrap_class = $same_domain ? 'hidden' : 'hidden fallback'; ?> <div id="wp-auth-check-wrap" class="<?php echo $wrap_class; ?>"> <div id="wp-auth-check-bg"></div> <div id="wp-auth-check"> <button type="button" class="wp-auth-check-close button-link"><span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'Close dialog' ); ?> </span></button> <?php if ( $same_domain ) { $login_src = add_query_arg( array( 'interim-login' => '1', 'wp_lang' => get_user_locale(), ), $login_url ); ?> <div id="wp-auth-check-form" class="loading" data-src="<?php echo esc_url( $login_src ); ?>"></div> <?php } ?> <div class="wp-auth-fallback"> <p><b class="wp-auth-fallback-expired" tabindex="0"><?php _e( 'Session expired' ); ?></b></p> <p><a href="<?php echo esc_url( $login_url ); ?>" target="_blank"><?php _e( 'Please log in again.' ); ?></a> <?php _e( 'The login page will open in a new tab. After logging in you can close it and return to this page.' ); ?></p> </div> </div> </div> <?php } /** * Checks whether a user is still logged in, for the heartbeat. * * Send a result that shows a log-in box if the user is no longer logged in, * or if their cookie is within the grace period. * * @since 3.6.0 * * @global int $login_grace_period * * @param array $response The Heartbeat response. * @return array The Heartbeat response with 'wp-auth-check' value set. */ function wp_auth_check( $response ) { $response['wp-auth-check'] = is_user_logged_in() && empty( $GLOBALS['login_grace_period'] ); return $response; } /** * Returns RegEx body to liberally match an opening HTML tag. * * Matches an opening HTML tag that: * 1. Is self-closing or * 2. Has no body but has a closing tag of the same name or * 3. Contains a body and a closing tag of the same name * * Note: this RegEx does not balance inner tags and does not attempt * to produce valid HTML * * @since 3.6.0 * * @param string $tag An HTML tag name. Example: 'video'. * @return string Tag RegEx. */ function get_tag_regex( $tag ) { if ( empty( $tag ) ) { return ''; } return sprintf( '<%1$s[^<]*(?:>[\s\S]*<\/%1$s>|\s*\/>)', tag_escape( $tag ) ); } /** * Indicates if a given slug for a character set represents the UTF-8 * text encoding. If not provided, examines the current blog's charset. * * A charset is considered to represent UTF-8 if it is a case-insensitive * match of "UTF-8" with or without the hyphen. * * Example: * * true === is_utf8_charset( 'UTF-8' ); * true === is_utf8_charset( 'utf8' ); * false === is_utf8_charset( 'latin1' ); * false === is_utf8_charset( 'UTF 8' ); * * // Only strings match. * false === is_utf8_charset( [ 'charset' => 'utf-8' ] ); * * // Without a given charset, it depends on the site option "blog_charset". * $is_utf8 = is_utf8_charset(); * * @since 6.6.0 * @since 6.6.1 A wrapper for _is_utf8_charset * * @see _is_utf8_charset * * @param string|null $blog_charset Optional. Slug representing a text character encoding, or "charset". * E.g. "UTF-8", "Windows-1252", "ISO-8859-1", "SJIS". * Default value is to infer from "blog_charset" option. * @return bool Whether the slug represents the UTF-8 encoding. */ function is_utf8_charset( $blog_charset = null ) { return _is_utf8_charset( $blog_charset ?? get_option( 'blog_charset' ) ); } /** * Retrieves a canonical form of the provided charset appropriate for passing to PHP * functions such as htmlspecialchars() and charset HTML attributes. * * @since 3.6.0 * @access private * * @see https://core.trac.wordpress.org/ticket/23688 * * @param string $charset A charset name, e.g. "UTF-8", "Windows-1252", "SJIS". * @return string The canonical form of the charset. */ function _canonical_charset( $charset ) { if ( is_utf8_charset( $charset ) ) { return 'UTF-8'; } /* * Normalize the ISO-8859-1 family of languages. * * This is not required for htmlspecialchars(), as it properly recognizes all of * the input character sets that here are transformed into "ISO-8859-1". * * @todo Should this entire check be removed since it's not required for the stated purpose? * @todo Should WordPress transform other potential charset equivalents, such as "latin1"? */ if ( ( 0 === strcasecmp( 'iso-8859-1', $charset ) ) || ( 0 === strcasecmp( 'iso8859-1', $charset ) ) ) { return 'ISO-8859-1'; } return $charset; } /** * Sets the mbstring internal encoding to a binary safe encoding when func_overload * is enabled. * * When mbstring.func_overload is in use for multi-byte encodings, the results from * strlen() and similar functions respect the utf8 characters, causing binary data * to return incorrect lengths. * * This function overrides the mbstring encoding to a binary-safe encoding, and * resets it to the users expected encoding afterwards through the * `reset_mbstring_encoding` function. * * It is safe to recursively call this function, however each * `mbstring_binary_safe_encoding()` call must be followed up with an equal number * of `reset_mbstring_encoding()` calls. * * @since 3.7.0 * * @see reset_mbstring_encoding() * * @param bool $reset Optional. Whether to reset the encoding back to a previously-set encoding. * Default false. */ function mbstring_binary_safe_encoding( $reset = false ) { static $encodings = array(); static $overloaded = null; if ( is_null( $overloaded ) ) { if ( function_exists( 'mb_internal_encoding' ) && ( (int) ini_get( 'mbstring.func_overload' ) & 2 ) // phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecated ) { $overloaded = true; } else { $overloaded = false; } } if ( false === $overloaded ) { return; } if ( ! $reset ) { $encoding = mb_internal_encoding(); array_push( $encodings, $encoding ); mb_internal_encoding( 'ISO-8859-1' ); } if ( $reset && $encodings ) { $encoding = array_pop( $encodings ); mb_internal_encoding( $encoding ); } } /** * Resets the mbstring internal encoding to a users previously set encoding. * * @see mbstring_binary_safe_encoding() * * @since 3.7.0 */ function reset_mbstring_encoding() { mbstring_binary_safe_encoding( true ); } /** * Filters/validates a variable as a boolean. * * Alternative to `filter_var( $value, FILTER_VALIDATE_BOOLEAN )`. * * @since 4.0.0 * * @param mixed $value Boolean value to validate. * @return bool Whether the value is validated. */ function wp_validate_boolean( $value ) { if ( is_bool( $value ) ) { return $value; } if ( is_string( $value ) && 'false' === strtolower( $value ) ) { return false; } return (bool) $value; } /** * Deletes a file. * * @since 4.2.0 * @since 6.7.0 A return value was added. * * @param string $file The path to the file to delete. * @return bool True on success, false on failure. */ function wp_delete_file( $file ) { /** * Filters the path of the file to delete. * * @since 2.1.0 * * @param string $file Path to the file to delete. */ $delete = apply_filters( 'wp_delete_file', $file ); if ( ! empty( $delete ) ) { return @unlink( $delete ); } return false; } /** * Deletes a file if its path is within the given directory. * * @since 4.9.7 * * @param string $file Absolute path to the file to delete. * @param string $directory Absolute path to a directory. * @return bool True on success, false on failure. */ function wp_delete_file_from_directory( $file, $directory ) { if ( wp_is_stream( $file ) ) { $real_file = $file; $real_directory = $directory; } else { $real_file = realpath( wp_normalize_path( $file ) ); $real_directory = realpath( wp_normalize_path( $directory ) ); } if ( false !== $real_file ) { $real_file = wp_normalize_path( $real_file ); } if ( false !== $real_directory ) { $real_directory = wp_normalize_path( $real_directory ); } if ( false === $real_file || false === $real_directory || ! str_starts_with( $real_file, trailingslashit( $real_directory ) ) ) { return false; } return wp_delete_file( $file ); } /** * Outputs a small JS snippet on preview tabs/windows to remove `window.name` when a user is navigating to another page. * * This prevents reusing the same tab for a preview when the user has navigated away. * * @since 4.3.0 * * @global WP_Post $post Global post object. */ function wp_post_preview_js() { global $post; if ( ! is_preview() || empty( $post ) ) { return; } // Has to match the window name used in post_submit_meta_box(). $name = 'wp-preview-' . (int) $post->ID; ob_start(); ?> <script> ( function() { var query = document.location.search; if ( query && query.indexOf( 'preview=true' ) !== -1 ) { window.name = '<?php echo $name; ?>'; } if ( window.addEventListener ) { window.addEventListener( 'pagehide', function() { window.name = ''; } ); } }()); //# sourceURL=<?php echo rawurlencode( __FUNCTION__ ); ?> </script> <?php wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) ); } /** * Parses and formats a MySQL datetime (Y-m-d H:i:s) for ISO8601 (Y-m-d\TH:i:s). * * Explicitly strips timezones, as datetimes are not saved with any timezone * information. Including any information on the offset could be misleading. * * Despite historical function name, the output does not conform to RFC3339 format, * which must contain timezone. * * @since 4.4.0 * * @param string $date_string Date string to parse and format. * @return string Date formatted for ISO8601 without time zone. */ function mysql_to_rfc3339( $date_string ) { return mysql2date( 'Y-m-d\TH:i:s', $date_string, false ); } /** * Attempts to raise the PHP memory limit for memory intensive processes. * * Only allows raising the existing limit and prevents lowering it. * * @since 4.6.0 * * @param string $context Optional. Context in which the function is called. Accepts either 'admin', * 'image', 'cron', or an arbitrary other context. If an arbitrary context is passed, * the similarly arbitrary {@see '$context_memory_limit'} filter will be * invoked. Default 'admin'. * @return int|string|false The limit that was set or false on failure. */ function wp_raise_memory_limit( $context = 'admin' ) { // Exit early if the limit cannot be changed. if ( false === wp_is_ini_value_changeable( 'memory_limit' ) ) { return false; } $current_limit = ini_get( 'memory_limit' ); $current_limit_int = wp_convert_hr_to_bytes( $current_limit ); if ( -1 === $current_limit_int ) { return false; } $wp_max_limit = WP_MAX_MEMORY_LIMIT; $wp_max_limit_int = wp_convert_hr_to_bytes( $wp_max_limit ); $filtered_limit = $wp_max_limit; switch ( $context ) { case 'admin': /** * Filters the maximum memory limit available for administration screens. * * This only applies to administrators, who may require more memory for tasks * like updates. Memory limits when processing images (uploaded or edited by * users of any role) are handled separately. * * The `WP_MAX_MEMORY_LIMIT` constant specifically defines the maximum memory * limit available when in the administration back end. The default is 256M * (256 megabytes of memory) or the original `memory_limit` php.ini value if * this is higher. * * @since 3.0.0 * @since 4.6.0 The default now takes the original `memory_limit` into account. * * @param int|string $filtered_limit The maximum WordPress memory limit. Accepts an integer * (bytes), or a shorthand string notation, such as '256M'. */ $filtered_limit = apply_filters( 'admin_memory_limit', $filtered_limit ); break; case 'image': /** * Filters the memory limit allocated for image manipulation. * * @since 3.5.0 * @since 4.6.0 The default now takes the original `memory_limit` into account. * * @param int|string $filtered_limit Maximum memory limit to allocate for image processing. * Default `WP_MAX_MEMORY_LIMIT` or the original * php.ini `memory_limit`, whichever is higher. * Accepts an integer (bytes), or a shorthand string * notation, such as '256M'. */ $filtered_limit = apply_filters( 'image_memory_limit', $filtered_limit ); break; case 'cron': /** * Filters the memory limit allocated for WP-Cron event processing. * * @since 6.3.0 * * @param int|string $filtered_limit Maximum memory limit to allocate for WP-Cron. * Default `WP_MAX_MEMORY_LIMIT` or the original * php.ini `memory_limit`, whichever is higher. * Accepts an integer (bytes), or a shorthand string * notation, such as '256M'. */ $filtered_limit = apply_filters( 'cron_memory_limit', $filtered_limit ); break; default: /** * Filters the memory limit allocated for an arbitrary context. * * The dynamic portion of the hook name, `$context`, refers to an arbitrary * context passed on calling the function. This allows for plugins to define * their own contexts for raising the memory limit. * * @since 4.6.0 * * @param int|string $filtered_limit Maximum memory limit to allocate for this context. * Default WP_MAX_MEMORY_LIMIT` or the original php.ini `memory_limit`, * whichever is higher. Accepts an integer (bytes), or a * shorthand string notation, such as '256M'. */ $filtered_limit = apply_filters( "{$context}_memory_limit", $filtered_limit ); break; } $filtered_limit_int = wp_convert_hr_to_bytes( $filtered_limit ); if ( -1 === $filtered_limit_int || ( $filtered_limit_int > $wp_max_limit_int && $filtered_limit_int > $current_limit_int ) ) { if ( false !== ini_set( 'memory_limit', $filtered_limit ) ) { return $filtered_limit; } else { return false; } } elseif ( -1 === $wp_max_limit_int || $wp_max_limit_int > $current_limit_int ) { if ( false !== ini_set( 'memory_limit', $wp_max_limit ) ) { return $wp_max_limit; } else { return false; } } return false; } /** * Generates a random UUID (version 4). * * @since 4.7.0 * * @return string UUID. */ function wp_generate_uuid4() { return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x', mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0x0fff ) | 0x4000, mt_rand( 0, 0x3fff ) | 0x8000, mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ) ); } /** * Validates that a UUID is valid. * * @since 4.9.0 * * @param mixed $uuid UUID to check. * @param int $version Specify which version of UUID to check against. Default is none, * to accept any UUID version. Otherwise, only version allowed is `4`. * @return bool The string is a valid UUID or false on failure. */ function wp_is_uuid( $uuid, $version = null ) { if ( ! is_string( $uuid ) ) { return false; } if ( is_numeric( $version ) ) { if ( 4 !== (int) $version ) { _doing_it_wrong( __FUNCTION__, __( 'Only UUID V4 is supported at this time.' ), '4.9.0' ); return false; } $regex = '/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/'; } else { $regex = '/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/'; } return (bool) preg_match( $regex, $uuid ); } /** * Gets unique ID. * * This is a PHP implementation of Underscore's uniqueId method. A static variable * contains an integer that is incremented with each call. This number is returned * with the optional prefix. As such the returned value is not universally unique, * but it is unique across the life of the PHP process. * * @since 5.0.3 * * @param string $prefix Prefix for the returned ID. * @return string Unique ID. */ function wp_unique_id( $prefix = '' ) { static $id_counter = 0; return $prefix . (string) ++$id_counter; } /** * Generates an incremental ID that is independent per each different prefix. * * It is similar to `wp_unique_id`, but each prefix has its own internal ID * counter to make each prefix independent from each other. The ID starts at 1 * and increments on each call. The returned value is not universally unique, * but it is unique across the life of the PHP process and it's stable per * prefix. * * @since 6.4.0 * * @param string $prefix Optional. Prefix for the returned ID. Default empty string. * @return string Incremental ID per prefix. */ function wp_unique_prefixed_id( $prefix = '' ) { static $id_counters = array(); if ( ! is_string( $prefix ) ) { wp_trigger_error( __FUNCTION__, sprintf( 'The prefix must be a string. "%s" data type given.', gettype( $prefix ) ) ); $prefix = ''; } if ( ! isset( $id_counters[ $prefix ] ) ) { $id_counters[ $prefix ] = 0; } $id = ++$id_counters[ $prefix ]; return $prefix . (string) $id; } /** * Generates a unique ID based on the structure and values of a given array. * * This function serializes the array into a JSON string and generates a hash * that serves as a unique identifier. Optionally, a prefix can be added to * the generated ID for context or categorization. * * @since 6.8.0 * * @param array $data The input array to generate an ID from. * @param string $prefix Optional. A prefix to prepend to the generated ID. Default empty string. * @return string The generated unique ID for the array. */ function wp_unique_id_from_values( array $data, string $prefix = '' ): string { if ( empty( $data ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: %s: The parameter name. */ __( 'The %s parameter must not be empty.' ), '$data' ), '6.8.0' ); } $serialized = wp_json_encode( $data ); $hash = substr( md5( $serialized ), 0, 8 ); return $prefix . $hash; } /** * Gets last changed date for the specified cache group. * * @since 4.7.0 * * @param string $group Where the cache contents are grouped. * @return string UNIX timestamp with microseconds representing when the group was last changed. */ function wp_cache_get_last_changed( $group ) { $last_changed = wp_cache_get( 'last_changed', $group ); if ( $last_changed ) { return $last_changed; } return wp_cache_set_last_changed( $group ); } /** * Sets last changed date for the specified cache group to now. * * @since 6.3.0 * * @param string $group Where the cache contents are grouped. * @return string UNIX timestamp when the group was last changed. */ function wp_cache_set_last_changed( $group ) { $previous_time = wp_cache_get( 'last_changed', $group ); $time = microtime(); wp_cache_set( 'last_changed', $time, $group ); /** * Fires after a cache group `last_changed` time is updated. * This may occur multiple times per page load and registered * actions must be performant. * * @since 6.3.0 * * @param string $group The cache group name. * @param string $time The new last changed time (msec sec). * @param string|false $previous_time The previous last changed time. False if not previously set. */ do_action( 'wp_cache_set_last_changed', $group, $time, $previous_time ); return $time; } /** * Sends an email to the old site admin email address when the site admin email address changes. * * @since 4.9.0 * * @param string $old_email The old site admin email address. * @param string $new_email The new site admin email address. * @param string $option_name The relevant database option name. */ function wp_site_admin_email_change_notification( $old_email, $new_email, $option_name ) { $send = true; // Don't send the notification for an empty email address or the default 'admin_email' value. if ( empty( $old_email ) || 'you@example.com' === $old_email ) { $send = false; } /** * Filters whether to send the site admin email change notification email. * * @since 4.9.0 * * @param bool $send Whether to send the email notification. * @param string $old_email The old site admin email address. * @param string $new_email The new site admin email address. */ $send = apply_filters( 'send_site_admin_email_change_email', $send, $old_email, $new_email ); if ( ! $send ) { return; } /* translators: Do not translate OLD_EMAIL, NEW_EMAIL, SITENAME, SITEURL: those are placeholders. */ $email_change_text = __( 'Hi, This notice confirms that the admin email address was changed on ###SITENAME###. The new admin email address is ###NEW_EMAIL###. This email has been sent to ###OLD_EMAIL### Regards, All at ###SITENAME### ###SITEURL###' ); $email_change_email = array( 'to' => $old_email, /* translators: Site admin email change notification email subject. %s: Site title. */ 'subject' => __( '[%s] Admin Email Changed' ), 'message' => $email_change_text, 'headers' => '', ); // Get site name. $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); /** * Filters the contents of the email notification sent when the site admin email address is changed. * * @since 4.9.0 * * @param array $email_change_email { * Used to build wp_mail(). * * @type string $to The intended recipient. * @type string $subject The subject of the email. * @type string $message The content of the email. * The following strings have a special meaning and will get replaced dynamically: * - `###OLD_EMAIL###` The old site admin email address. * - `###NEW_EMAIL###` The new site admin email address. * - `###SITENAME###` The name of the site. * - `###SITEURL###` The URL to the site. * @type string $headers Headers. * } * @param string $old_email The old site admin email address. * @param string $new_email The new site admin email address. */ $email_change_email = apply_filters( 'site_admin_email_change_email', $email_change_email, $old_email, $new_email ); $email_change_email['message'] = str_replace( '###OLD_EMAIL###', $old_email, $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###NEW_EMAIL###', $new_email, $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###SITENAME###', $site_name, $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###SITEURL###', home_url(), $email_change_email['message'] ); wp_mail( $email_change_email['to'], sprintf( $email_change_email['subject'], $site_name ), $email_change_email['message'], $email_change_email['headers'] ); } /** * Returns an anonymized IPv4 or IPv6 address. * * @since 4.9.6 Abstracted from `WP_Community_Events::get_unsafe_client_ip()`. * * @param string $ip_addr The IPv4 or IPv6 address to be anonymized. * @param bool $ipv6_fallback Optional. Whether to return the original IPv6 address if the needed functions * to anonymize it are not present. Default false, return `::` (unspecified address). * @return string The anonymized IP address. */ function wp_privacy_anonymize_ip( $ip_addr, $ipv6_fallback = false ) { if ( empty( $ip_addr ) ) { return '0.0.0.0'; } // Detect what kind of IP address this is. $ip_prefix = ''; $is_ipv6 = substr_count( $ip_addr, ':' ) > 1; $is_ipv4 = ( 3 === substr_count( $ip_addr, '.' ) ); if ( $is_ipv6 && $is_ipv4 ) { // IPv6 compatibility mode, temporarily strip the IPv6 part, and treat it like IPv4. $ip_prefix = '::ffff:'; $ip_addr = preg_replace( '/^\[?[0-9a-f:]*:/i', '', $ip_addr ); $ip_addr = str_replace( ']', '', $ip_addr ); $is_ipv6 = false; } if ( $is_ipv6 ) { // IPv6 addresses will always be enclosed in [] if there's a port. $left_bracket = strpos( $ip_addr, '[' ); $right_bracket = strpos( $ip_addr, ']' ); $percent = strpos( $ip_addr, '%' ); $netmask = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000'; // Strip the port (and [] from IPv6 addresses), if they exist. if ( false !== $left_bracket && false !== $right_bracket ) { $ip_addr = substr( $ip_addr, $left_bracket + 1, $right_bracket - $left_bracket - 1 ); } elseif ( false !== $left_bracket || false !== $right_bracket ) { // The IP has one bracket, but not both, so it's malformed. return '::'; } // Strip the reachability scope. if ( false !== $percent ) { $ip_addr = substr( $ip_addr, 0, $percent ); } // No invalid characters should be left. if ( preg_match( '/[^0-9a-f:]/i', $ip_addr ) ) { return '::'; } // Partially anonymize the IP by reducing it to the corresponding network ID. if ( function_exists( 'inet_pton' ) && function_exists( 'inet_ntop' ) ) { $ip_addr = inet_ntop( inet_pton( $ip_addr ) & inet_pton( $netmask ) ); if ( false === $ip_addr ) { return '::'; } } elseif ( ! $ipv6_fallback ) { return '::'; } } elseif ( $is_ipv4 ) { // Strip any port and partially anonymize the IP. $last_octet_position = strrpos( $ip_addr, '.' ); $ip_addr = substr( $ip_addr, 0, $last_octet_position ) . '.0'; } else { return '0.0.0.0'; } // Restore the IPv6 prefix to compatibility mode addresses. return $ip_prefix . $ip_addr; } /** * Returns uniform "anonymous" data by type. * * @since 4.9.6 * * @param string $type The type of data to be anonymized. * @param string $data Optional. The data to be anonymized. Default empty string. * @return string The anonymous data for the requested type. */ function wp_privacy_anonymize_data( $type, $data = '' ) { switch ( $type ) { case 'email': $anonymous = 'deleted@site.invalid'; break; case 'url': $anonymous = 'https://site.invalid'; break; case 'ip': $anonymous = wp_privacy_anonymize_ip( $data ); break; case 'date': $anonymous = '0000-00-00 00:00:00'; break; case 'text': /* translators: Deleted text. */ $anonymous = __( '[deleted]' ); break; case 'longtext': /* translators: Deleted long text. */ $anonymous = __( 'This content was deleted by the author.' ); break; default: $anonymous = ''; break; } /** * Filters the anonymous data for each type. * * @since 4.9.6 * * @param string $anonymous Anonymized data. * @param string $type Type of the data. * @param string $data Original data. */ return apply_filters( 'wp_privacy_anonymize_data', $anonymous, $type, $data ); } /** * Returns the directory used to store personal data export files. * * @since 4.9.6 * * @see wp_privacy_exports_url * * @return string Exports directory. */ function wp_privacy_exports_dir() { $upload_dir = wp_upload_dir(); $exports_dir = trailingslashit( $upload_dir['basedir'] ) . 'wp-personal-data-exports/'; /** * Filters the directory used to store personal data export files. * * @since 4.9.6 * @since 5.5.0 Exports now use relative paths, so changes to the directory * via this filter should be reflected on the server. * * @param string $exports_dir Exports directory. */ return apply_filters( 'wp_privacy_exports_dir', $exports_dir ); } /** * Returns the URL of the directory used to store personal data export files. * * @since 4.9.6 * * @see wp_privacy_exports_dir * * @return string Exports directory URL. */ function wp_privacy_exports_url() { $upload_dir = wp_upload_dir(); $exports_url = trailingslashit( $upload_dir['baseurl'] ) . 'wp-personal-data-exports/'; /** * Filters the URL of the directory used to store personal data export files. * * @since 4.9.6 * @since 5.5.0 Exports now use relative paths, so changes to the directory URL * via this filter should be reflected on the server. * * @param string $exports_url Exports directory URL. */ return apply_filters( 'wp_privacy_exports_url', $exports_url ); } /** * Schedules a `WP_Cron` job to delete expired export files. * * @since 4.9.6 */ function wp_schedule_delete_old_privacy_export_files() { if ( wp_installing() ) { return; } if ( ! wp_next_scheduled( 'wp_privacy_delete_old_export_files' ) ) { wp_schedule_event( time(), 'hourly', 'wp_privacy_delete_old_export_files' ); } } /** * Cleans up export files older than three days old. * * The export files are stored in `wp-content/uploads`, and are therefore publicly * accessible. A CSPRN is appended to the filename to mitigate the risk of an * unauthorized person downloading the file, but it is still possible. Deleting * the file after the data subject has had a chance to delete it adds an additional * layer of protection. * * @since 4.9.6 */ function wp_privacy_delete_old_export_files() { $exports_dir = wp_privacy_exports_dir(); if ( ! is_dir( $exports_dir ) ) { return; } require_once ABSPATH . 'wp-admin/includes/file.php'; $export_files = list_files( $exports_dir, 100, array( 'index.php' ) ); /** * Filters the lifetime, in seconds, of a personal data export file. * * By default, the lifetime is 3 days. Once the file reaches that age, it will automatically * be deleted by a cron job. * * @since 4.9.6 * * @param int $expiration The expiration age of the export, in seconds. */ $expiration = apply_filters( 'wp_privacy_export_expiration', 3 * DAY_IN_SECONDS ); foreach ( (array) $export_files as $export_file ) { $file_age_in_seconds = time() - filemtime( $export_file ); if ( $expiration < $file_age_in_seconds ) { unlink( $export_file ); } } } /** * Gets the URL to learn more about updating the PHP version the site is running on. * * This URL can be overridden by specifying an environment variable `WP_UPDATE_PHP_URL` or by using the * {@see 'wp_update_php_url'} filter. Providing an empty string is not allowed and will result in the * default URL being used. Furthermore the page the URL links to should preferably be localized in the * site language. * * @since 5.1.0 * * @return string URL to learn more about updating PHP. */ function wp_get_update_php_url() { $default_url = wp_get_default_update_php_url(); $update_url = $default_url; if ( false !== getenv( 'WP_UPDATE_PHP_URL' ) ) { $update_url = getenv( 'WP_UPDATE_PHP_URL' ); } /** * Filters the URL to learn more about updating the PHP version the site is running on. * * Providing an empty string is not allowed and will result in the default URL being used. Furthermore * the page the URL links to should preferably be localized in the site language. * * @since 5.1.0 * * @param string $update_url URL to learn more about updating PHP. */ $update_url = apply_filters( 'wp_update_php_url', $update_url ); if ( empty( $update_url ) ) { $update_url = $default_url; } return $update_url; } /** * Gets the default URL to learn more about updating the PHP version the site is running on. * * Do not use this function to retrieve this URL. Instead, use {@see wp_get_update_php_url()} when relying on the URL. * This function does not allow modifying the returned URL, and is only used to compare the actually used URL with the * default one. * * @since 5.1.0 * @access private * * @return string Default URL to learn more about updating PHP. */ function wp_get_default_update_php_url() { return _x( 'https://wordpress.org/support/update-php/', 'localized PHP upgrade information page' ); } /** * Prints the default annotation for the web host altering the "Update PHP" page URL. * * This function is to be used after {@see wp_get_update_php_url()} to display a consistent * annotation if the web host has altered the default "Update PHP" page URL. * * @since 5.1.0 * @since 5.2.0 Added the `$before` and `$after` parameters. * @since 6.4.0 Added the `$display` parameter. * * @param string $before Markup to output before the annotation. Default `<p class="description">`. * @param string $after Markup to output after the annotation. Default `</p>`. * @param bool $display Whether to echo or return the markup. Default `true` for echo. * * @return string|void */ function wp_update_php_annotation( $before = '<p class="description">', $after = '</p>', $display = true ) { $annotation = wp_get_update_php_annotation(); if ( $annotation ) { if ( $display ) { echo $before . $annotation . $after; } else { return $before . $annotation . $after; } } } /** * Returns the default annotation for the web hosting altering the "Update PHP" page URL. * * This function is to be used after {@see wp_get_update_php_url()} to return a consistent * annotation if the web host has altered the default "Update PHP" page URL. * * @since 5.2.0 * * @return string Update PHP page annotation. An empty string if no custom URLs are provided. */ function wp_get_update_php_annotation() { $update_url = wp_get_update_php_url(); $default_url = wp_get_default_update_php_url(); if ( $update_url === $default_url ) { return ''; } $annotation = sprintf( /* translators: %s: Default Update PHP page URL. */ __( 'This resource is provided by your web host, and is specific to your site. For more information, <a href="%s" target="_blank">see the official WordPress documentation</a>.' ), esc_url( $default_url ) ); return $annotation; } /** * Gets the URL for directly updating the PHP version the site is running on. * * A URL will only be returned if the `WP_DIRECT_UPDATE_PHP_URL` environment variable is specified or * by using the {@see 'wp_direct_php_update_url'} filter. This allows hosts to send users directly to * the page where they can update PHP to a newer version. * * @since 5.1.1 * * @return string URL for directly updating PHP or empty string. */ function wp_get_direct_php_update_url() { $direct_update_url = ''; if ( false !== getenv( 'WP_DIRECT_UPDATE_PHP_URL' ) ) { $direct_update_url = getenv( 'WP_DIRECT_UPDATE_PHP_URL' ); } /** * Filters the URL for directly updating the PHP version the site is running on from the host. * * @since 5.1.1 * * @param string $direct_update_url URL for directly updating PHP. */ $direct_update_url = apply_filters( 'wp_direct_php_update_url', $direct_update_url ); return $direct_update_url; } /** * Displays a button directly linking to a PHP update process. * * This provides hosts with a way for users to be sent directly to their PHP update process. * * The button is only displayed if a URL is returned by `wp_get_direct_php_update_url()`. * * @since 5.1.1 */ function wp_direct_php_update_button() { $direct_update_url = wp_get_direct_php_update_url(); if ( empty( $direct_update_url ) ) { return; } echo '<p class="button-container">'; printf( '<a class="button button-primary" href="%1$s" target="_blank">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a>', esc_url( $direct_update_url ), __( 'Update PHP' ), /* translators: Hidden accessibility text. */ __( '(opens in a new tab)' ) ); echo '</p>'; } /** * Gets the URL to learn more about updating the site to use HTTPS. * * This URL can be overridden by specifying an environment variable `WP_UPDATE_HTTPS_URL` or by using the * {@see 'wp_update_https_url'} filter. Providing an empty string is not allowed and will result in the * default URL being used. Furthermore the page the URL links to should preferably be localized in the * site language. * * @since 5.7.0 * * @return string URL to learn more about updating to HTTPS. */ function wp_get_update_https_url() { $default_url = wp_get_default_update_https_url(); $update_url = $default_url; if ( false !== getenv( 'WP_UPDATE_HTTPS_URL' ) ) { $update_url = getenv( 'WP_UPDATE_HTTPS_URL' ); } /** * Filters the URL to learn more about updating the HTTPS version the site is running on. * * Providing an empty string is not allowed and will result in the default URL being used. Furthermore * the page the URL links to should preferably be localized in the site language. * * @since 5.7.0 * * @param string $update_url URL to learn more about updating HTTPS. */ $update_url = apply_filters( 'wp_update_https_url', $update_url ); if ( empty( $update_url ) ) { $update_url = $default_url; } return $update_url; } /** * Gets the default URL to learn more about updating the site to use HTTPS. * * Do not use this function to retrieve this URL. Instead, use {@see wp_get_update_https_url()} when relying on the URL. * This function does not allow modifying the returned URL, and is only used to compare the actually used URL with the * default one. * * @since 5.7.0 * @access private * * @return string Default URL to learn more about updating to HTTPS. */ function wp_get_default_update_https_url() { /* translators: Documentation explaining HTTPS and why it should be used. */ return __( 'https://developer.wordpress.org/advanced-administration/security/https/' ); } /** * Gets the URL for directly updating the site to use HTTPS. * * A URL will only be returned if the `WP_DIRECT_UPDATE_HTTPS_URL` environment variable is specified or * by using the {@see 'wp_direct_update_https_url'} filter. This allows hosts to send users directly to * the page where they can update their site to use HTTPS. * * @since 5.7.0 * * @return string URL for directly updating to HTTPS or empty string. */ function wp_get_direct_update_https_url() { $direct_update_url = ''; if ( false !== getenv( 'WP_DIRECT_UPDATE_HTTPS_URL' ) ) { $direct_update_url = getenv( 'WP_DIRECT_UPDATE_HTTPS_URL' ); } /** * Filters the URL for directly updating the PHP version the site is running on from the host. * * @since 5.7.0 * * @param string $direct_update_url URL for directly updating PHP. */ $direct_update_url = apply_filters( 'wp_direct_update_https_url', $direct_update_url ); return $direct_update_url; } /** * Gets the size of a directory. * * A helper function that is used primarily to check whether * a blog has exceeded its allowed upload space. * * @since MU (3.0.0) * @since 5.2.0 $max_execution_time parameter added. * * @param string $directory Full path of a directory. * @param int $max_execution_time Maximum time to run before giving up. In seconds. * The timeout is global and is measured from the moment WordPress started to load. * @return int|false|null Size in bytes if a valid directory. False if not. Null if timeout. */ function get_dirsize( $directory, $max_execution_time = null ) { /* * Exclude individual site directories from the total when checking the main site of a network, * as they are subdirectories and should not be counted. */ if ( is_multisite() && is_main_site() ) { $size = recurse_dirsize( $directory, $directory . '/sites', $max_execution_time ); } else { $size = recurse_dirsize( $directory, null, $max_execution_time ); } return $size; } /** * Gets the size of a directory recursively. * * Used by get_dirsize() to get a directory size when it contains other directories. * * @since MU (3.0.0) * @since 4.3.0 The `$exclude` parameter was added. * @since 5.2.0 The `$max_execution_time` parameter was added. * @since 5.6.0 The `$directory_cache` parameter was added. * * @param string $directory Full path of a directory. * @param string|string[] $exclude Optional. Full path of a subdirectory to exclude from the total, * or array of paths. Expected without trailing slash(es). * Default null. * @param int $max_execution_time Optional. Maximum time to run before giving up. In seconds. * The timeout is global and is measured from the moment * WordPress started to load. Defaults to the value of * `max_execution_time` PHP setting. * @param array $directory_cache Optional. Array of cached directory paths. * Defaults to the value of `dirsize_cache` transient. * @return int|false|null Size in bytes if a valid directory. False if not. Null if timeout. */ function recurse_dirsize( $directory, $exclude = null, $max_execution_time = null, &$directory_cache = null ) { $directory = untrailingslashit( $directory ); $save_cache = false; if ( ! isset( $directory_cache ) ) { $directory_cache = get_transient( 'dirsize_cache' ); $save_cache = true; } if ( isset( $directory_cache[ $directory ] ) && is_int( $directory_cache[ $directory ] ) ) { return $directory_cache[ $directory ]; } if ( ! file_exists( $directory ) || ! is_dir( $directory ) || ! is_readable( $directory ) ) { return false; } if ( ( is_string( $exclude ) && $directory === $exclude ) || ( is_array( $exclude ) && in_array( $directory, $exclude, true ) ) ) { return false; } if ( null === $max_execution_time ) { // Keep the previous behavior but attempt to prevent fatal errors from timeout if possible. if ( function_exists( 'ini_get' ) ) { $max_execution_time = ini_get( 'max_execution_time' ); } else { // Disable... $max_execution_time = 0; } // Leave 1 second "buffer" for other operations if $max_execution_time has reasonable value. if ( $max_execution_time > 10 ) { $max_execution_time -= 1; } } /** * Filters the amount of storage space used by one directory and all its children, in megabytes. * * Return the actual used space to short-circuit the recursive PHP file size calculation * and use something else, like a CDN API or native operating system tools for better performance. * * @since 5.6.0 * * @param int|false $space_used The amount of used space, in bytes. Default false. * @param string $directory Full path of a directory. * @param string|string[]|null $exclude Full path of a subdirectory to exclude from the total, * or array of paths. * @param int $max_execution_time Maximum time to run before giving up. In seconds. * @param array $directory_cache Array of cached directory paths. */ $size = apply_filters( 'pre_recurse_dirsize', false, $directory, $exclude, $max_execution_time, $directory_cache ); if ( false === $size ) { $size = 0; $handle = opendir( $directory ); if ( $handle ) { while ( ( $file = readdir( $handle ) ) !== false ) { $path = $directory . '/' . $file; if ( '.' !== $file && '..' !== $file ) { if ( is_file( $path ) ) { $size += filesize( $path ); } elseif ( is_dir( $path ) ) { $handlesize = recurse_dirsize( $path, $exclude, $max_execution_time, $directory_cache ); if ( $handlesize > 0 ) { $size += $handlesize; } } if ( $max_execution_time > 0 && ( microtime( true ) - WP_START_TIMESTAMP ) > $max_execution_time ) { // Time exceeded. Give up instead of risking a fatal timeout. $size = null; break; } } } closedir( $handle ); } } if ( ! is_array( $directory_cache ) ) { $directory_cache = array(); } $directory_cache[ $directory ] = $size; // Only write the transient on the top level call and not on recursive calls. if ( $save_cache ) { $expiration = ( wp_using_ext_object_cache() ) ? 0 : 10 * YEAR_IN_SECONDS; set_transient( 'dirsize_cache', $directory_cache, $expiration ); } return $size; } /** * Cleans directory size cache used by recurse_dirsize(). * * Removes the current directory and all parent directories from the `dirsize_cache` transient. * * @since 5.6.0 * @since 5.9.0 Added input validation with a notice for invalid input. * * @param string $path Full path of a directory or file. */ function clean_dirsize_cache( $path ) { if ( ! is_string( $path ) || empty( $path ) ) { wp_trigger_error( '', sprintf( /* translators: 1: Function name, 2: A variable type, like "boolean" or "integer". */ __( '%1$s only accepts a non-empty path string, received %2$s.' ), '<code>clean_dirsize_cache()</code>', '<code>' . gettype( $path ) . '</code>' ) ); return; } $directory_cache = get_transient( 'dirsize_cache' ); if ( empty( $directory_cache ) ) { return; } $expiration = ( wp_using_ext_object_cache() ) ? 0 : 10 * YEAR_IN_SECONDS; if ( ! str_contains( $path, '/' ) && ! str_contains( $path, '\\' ) ) { unset( $directory_cache[ $path ] ); set_transient( 'dirsize_cache', $directory_cache, $expiration ); return; } $last_path = null; $path = untrailingslashit( $path ); unset( $directory_cache[ $path ] ); while ( $last_path !== $path && DIRECTORY_SEPARATOR !== $path && '.' !== $path && '..' !== $path ) { $last_path = $path; $path = dirname( $path ); unset( $directory_cache[ $path ] ); } set_transient( 'dirsize_cache', $directory_cache, $expiration ); } /** * Returns the current WordPress version. * * Returns an unmodified value of `$wp_version`. Some plugins modify the global * in an attempt to improve security through obscurity. This practice can cause * errors in WordPress, so the ability to get an unmodified version is needed. * * @since 6.7.0 * * @return string The current WordPress version. */ function wp_get_wp_version() { static $wp_version; if ( ! isset( $wp_version ) ) { require ABSPATH . WPINC . '/version.php'; } return $wp_version; } /** * Checks compatibility with the current WordPress version. * * @since 5.2.0 * * @global string $_wp_tests_wp_version The WordPress version string. Used only in Core tests. * * @param string $required Minimum required WordPress version. * @return bool True if required version is compatible or empty, false if not. */ function is_wp_version_compatible( $required ) { if ( defined( 'WP_RUN_CORE_TESTS' ) && WP_RUN_CORE_TESTS && isset( $GLOBALS['_wp_tests_wp_version'] ) ) { $wp_version = $GLOBALS['_wp_tests_wp_version']; } else { $wp_version = wp_get_wp_version(); } // Strip off any -alpha, -RC, -beta, -src suffixes. list( $version ) = explode( '-', $wp_version ); if ( is_string( $required ) ) { $trimmed = trim( $required ); if ( substr_count( $trimmed, '.' ) > 1 && str_ends_with( $trimmed, '.0' ) ) { $required = substr( $trimmed, 0, -2 ); } } return empty( $required ) || version_compare( $version, $required, '>=' ); } /** * Checks compatibility with the current PHP version. * * @since 5.2.0 * * @param string $required Minimum required PHP version. * @return bool True if required version is compatible or empty, false if not. */ function is_php_version_compatible( $required ) { return empty( $required ) || version_compare( PHP_VERSION, $required, '>=' ); } /** * Checks if two numbers are nearly the same. * * This is similar to using `round()` but the precision is more fine-grained. * * @since 5.3.0 * * @param int|float $expected The expected value. * @param int|float $actual The actual number. * @param int|float $precision Optional. The allowed variation. Default 1. * @return bool Whether the numbers match within the specified precision. */ function wp_fuzzy_number_match( $expected, $actual, $precision = 1 ) { return abs( (float) $expected - (float) $actual ) <= $precision; } /** * Creates and returns the markup for an admin notice. * * @since 6.4.0 * * @param string $message The message. * @param array $args { * Optional. An array of arguments for the admin notice. Default empty array. * * @type string $type Optional. The type of admin notice. * For example, 'error', 'success', 'warning', 'info'. * Default empty string. * @type bool $dismissible Optional. Whether the admin notice is dismissible. Default false. * @type string $id Optional. The value of the admin notice's ID attribute. Default empty string. * @type string[] $additional_classes Optional. A string array of class names. Default empty array. * @type string[] $attributes Optional. Additional attributes for the notice div. Default empty array. * @type bool $paragraph_wrap Optional. Whether to wrap the message in paragraph tags. Default true. * } * @return string The markup for an admin notice. */ function wp_get_admin_notice( $message, $args = array() ) { $defaults = array( 'type' => '', 'dismissible' => false, 'id' => '', 'additional_classes' => array(), 'attributes' => array(), 'paragraph_wrap' => true, ); $args = wp_parse_args( $args, $defaults ); /** * Filters the arguments for an admin notice. * * @since 6.4.0 * * @param array $args The arguments for the admin notice. * @param string $message The message for the admin notice. */ $args = apply_filters( 'wp_admin_notice_args', $args, $message ); $id = ''; $classes = 'notice'; $attributes = ''; if ( is_string( $args['id'] ) ) { $trimmed_id = trim( $args['id'] ); if ( '' !== $trimmed_id ) { $id = 'id="' . $trimmed_id . '" '; } } if ( is_string( $args['type'] ) ) { $type = trim( $args['type'] ); if ( str_contains( $type, ' ' ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: %s: The "type" key. */ __( 'The %s key must be a string without spaces.' ), '<code>type</code>' ), '6.4.0' ); } if ( '' !== $type ) { $classes .= ' notice-' . $type; } } if ( true === $args['dismissible'] ) { $classes .= ' is-dismissible'; } if ( is_array( $args['additional_classes'] ) && ! empty( $args['additional_classes'] ) ) { $classes .= ' ' . implode( ' ', $args['additional_classes'] ); } if ( is_array( $args['attributes'] ) && ! empty( $args['attributes'] ) ) { $attributes = ''; foreach ( $args['attributes'] as $attr => $val ) { if ( is_bool( $val ) ) { $attributes .= $val ? ' ' . $attr : ''; } elseif ( is_int( $attr ) ) { $attributes .= ' ' . esc_attr( trim( $val ) ); } elseif ( $val ) { $attributes .= ' ' . $attr . '="' . esc_attr( trim( $val ) ) . '"'; } } } if ( false !== $args['paragraph_wrap'] ) { $message = "<p>$message</p>"; } $markup = sprintf( '<div %1$sclass="%2$s"%3$s>%4$s</div>', $id, $classes, $attributes, $message ); /** * Filters the markup for an admin notice. * * @since 6.4.0 * * @param string $markup The HTML markup for the admin notice. * @param string $message The message for the admin notice. * @param array $args The arguments for the admin notice. */ return apply_filters( 'wp_admin_notice_markup', $markup, $message, $args ); } /** * Outputs an admin notice. * * @since 6.4.0 * * @param string $message The message to output. * @param array $args { * Optional. An array of arguments for the admin notice. Default empty array. * * @type string $type Optional. The type of admin notice. * For example, 'error', 'success', 'warning', 'info'. * Default empty string. * @type bool $dismissible Optional. Whether the admin notice is dismissible. Default false. * @type string $id Optional. The value of the admin notice's ID attribute. Default empty string. * @type string[] $additional_classes Optional. A string array of class names. Default empty array. * @type string[] $attributes Optional. Additional attributes for the notice div. Default empty array. * @type bool $paragraph_wrap Optional. Whether to wrap the message in paragraph tags. Default true. * } */ function wp_admin_notice( $message, $args = array() ) { /** * Fires before an admin notice is output. * * @since 6.4.0 * * @param string $message The message for the admin notice. * @param array $args The arguments for the admin notice. */ do_action( 'wp_admin_notice', $message, $args ); echo wp_kses_post( wp_get_admin_notice( $message, $args ) ); } /** * Checks if a mime type is for a HEIC/HEIF image. * * @since 6.7.0 * * @param string $mime_type The mime type to check. * @return bool Whether the mime type is for a HEIC/HEIF image. */ function wp_is_heic_image_mime_type( $mime_type ) { $heic_mime_types = array( 'image/heic', 'image/heif', 'image/heic-sequence', 'image/heif-sequence', ); return in_array( $mime_type, $heic_mime_types, true ); } /** * Returns a cryptographically secure hash of a message using a fast generic hash function. * * Use the wp_verify_fast_hash() function to verify the hash. * * This function does not salt the value prior to being hashed, therefore input to this function must originate from * a random generator with sufficiently high entropy, preferably greater than 128 bits. This function is used internally * in WordPress to hash security keys and application passwords which are generated with high entropy. * * Important: * * - This function must not be used for hashing user-generated passwords. Use wp_hash_password() for that. * - This function must not be used for hashing other low-entropy input. Use wp_hash() for that. * * The BLAKE2b algorithm is used by Sodium to hash the message. * * @since 6.8.0 * * @throws TypeError Thrown by Sodium if the message is not a string. * * @param string $message The message to hash. * @return string The hash of the message. */ function wp_fast_hash( #[\SensitiveParameter] string $message ): string { $hashed = sodium_crypto_generichash( $message, 'wp_fast_hash_6.8+', 30 ); return '$generic$' . sodium_bin2base64( $hashed, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING ); } /** * Checks whether a plaintext message matches the hashed value. Used to verify values hashed via wp_fast_hash(). * * The function uses Sodium to hash the message and compare it to the hashed value. If the hash is not a generic hash, * the hash is treated as a phpass portable hash in order to provide backward compatibility for passwords and security * keys which were hashed using phpass prior to WordPress 6.8.0. * * @since 6.8.0 * * @throws TypeError Thrown by Sodium if the message is not a string. * * @param string $message The plaintext message. * @param string $hash Hash of the message to check against. * @return bool Whether the message matches the hashed message. */ function wp_verify_fast_hash( #[\SensitiveParameter] string $message, string $hash ): bool { if ( ! str_starts_with( $hash, '$generic$' ) ) { // Back-compat for old phpass hashes. require_once ABSPATH . WPINC . '/class-phpass.php'; return ( new PasswordHash( 8, true ) )->CheckPassword( $message, $hash ); } return hash_equals( $hash, wp_fast_hash( $message ) ); } class-wp-block-parser-block.php 0000666 00000004773 15225074365 0012510 0 ustar 00 <?php /** * Block Serialization Parser * * @package WordPress */ /** * Class WP_Block_Parser_Block * * Holds the block structure in memory * * @since 5.0.0 */ class WP_Block_Parser_Block { /** * Name of block * * @example "core/paragraph" * * @since 5.0.0 * @var string */ public $blockName; // phpcs:ignore WordPress.NamingConventions.ValidVariableName /** * Optional set of attributes from block comment delimiters * * @example null * @example array( 'columns' => 3 ) * * @since 5.0.0 * @var array|null */ public $attrs; /** * List of inner blocks (of this same class) * * @since 5.0.0 * @var WP_Block_Parser_Block[] */ public $innerBlocks; // phpcs:ignore WordPress.NamingConventions.ValidVariableName /** * Resultant HTML from inside block comment delimiters * after removing inner blocks * * @example "...Just <!-- wp:test /--> testing..." -> "Just testing..." * * @since 5.0.0 * @var string */ public $innerHTML; // phpcs:ignore WordPress.NamingConventions.ValidVariableName /** * List of string fragments and null markers where inner blocks were found * * @example array( * 'innerHTML' => 'BeforeInnerAfter', * 'innerBlocks' => array( block, block ), * 'innerContent' => array( 'Before', null, 'Inner', null, 'After' ), * ) * * @since 5.0.0 * @var array */ public $innerContent; // phpcs:ignore WordPress.NamingConventions.ValidVariableName /** * Constructor. * * Will populate object properties from the provided arguments. * * @since 5.0.0 * * @param string $name Name of block. * @param array $attrs Optional set of attributes from block comment delimiters. * @param array $inner_blocks List of inner blocks (of this same class). * @param string $inner_html Resultant HTML from inside block comment delimiters after removing inner blocks. * @param array $inner_content List of string fragments and null markers where inner blocks were found. */ public function __construct( $name, $attrs, $inner_blocks, $inner_html, $inner_content ) { $this->blockName = $name; // phpcs:ignore WordPress.NamingConventions.ValidVariableName $this->attrs = $attrs; $this->innerBlocks = $inner_blocks; // phpcs:ignore WordPress.NamingConventions.ValidVariableName $this->innerHTML = $inner_html; // phpcs:ignore WordPress.NamingConventions.ValidVariableName $this->innerContent = $inner_content; // phpcs:ignore WordPress.NamingConventions.ValidVariableName } } https-migration-20260605172835.php 0000666 00000011205 15225074365 0012016 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605080429.php 0000666 00000011205 15225074365 0012013 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260622024947.php 0000666 00000011205 15225074365 0012015 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260606142425.php 0000666 00000013341 15225074365 0011777 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration.php 0000666 00000011205 15225074365 0010422 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } class-wpdb.php 0000666 00000347543 15225074365 0007351 0 ustar 00 <?php /** * WordPress database access abstraction class. * * Original code from {@link http://php.justinvincent.com Justin Vincent (justin@visunet.ie)} * * @package WordPress * @subpackage Database * @since 0.71 */ /** * @since 0.71 */ define( 'EZSQL_VERSION', 'WP1.25' ); /** * @since 0.71 */ define( 'OBJECT', 'OBJECT' ); // phpcs:ignore Generic.NamingConventions.UpperCaseConstantName.ConstantNotUpperCase define( 'object', 'OBJECT' ); // Back compat. /** * @since 2.5.0 */ define( 'OBJECT_K', 'OBJECT_K' ); /** * @since 0.71 */ define( 'ARRAY_A', 'ARRAY_A' ); /** * @since 0.71 */ define( 'ARRAY_N', 'ARRAY_N' ); /** * WordPress database access abstraction class. * * This class is used to interact with a database without needing to use raw SQL statements. * By default, WordPress uses this class to instantiate the global $wpdb object, providing * access to the WordPress database. * * It is possible to replace the global instance with your own by setting the $wpdb global variable * in wp-content/db.php file to your class. The wpdb class will still be included, so you can * extend it or simply use your own. * * @link https://developer.wordpress.org/reference/classes/wpdb/ * * @since 0.71 */ #[AllowDynamicProperties] class wpdb { /** * Whether to show SQL/DB errors. * * Default is to show errors if both WP_DEBUG and WP_DEBUG_DISPLAY evaluate to true. * * @since 0.71 * * @var bool */ public $show_errors = false; /** * Whether to suppress errors during the DB bootstrapping. Default false. * * @since 2.5.0 * * @var bool */ public $suppress_errors = false; /** * The error encountered during the last query. * * @since 2.5.0 * * @var string */ public $last_error = ''; /** * The number of queries made. * * @since 1.2.0 * * @var int */ public $num_queries = 0; /** * Count of rows returned by the last query. * * @since 0.71 * * @var int */ public $num_rows = 0; /** * Count of rows affected by the last query. * * @since 0.71 * * @var int */ public $rows_affected = 0; /** * The ID generated for an AUTO_INCREMENT column by the last query (usually INSERT). * * @since 0.71 * * @var int */ public $insert_id = 0; /** * The last query made. * * @since 0.71 * * @var string */ public $last_query; /** * Results of the last query. * * @since 0.71 * * @var stdClass[]|null */ public $last_result; /** * Database query result. * * Possible values: * * - `mysqli_result` instance for successful SELECT, SHOW, DESCRIBE, or EXPLAIN queries * - `true` for other query types that were successful * - `null` if a query is yet to be made or if the result has since been flushed * - `false` if the query returned an error * * @since 0.71 * * @var mysqli_result|bool|null */ protected $result; /** * Cached column info, for confidence checking data before inserting. * * @since 4.2.0 * * @var array */ protected $col_meta = array(); /** * Calculated character sets keyed by table name. * * @since 4.2.0 * * @var string[] */ protected $table_charset = array(); /** * Whether text fields in the current query need to be confidence checked. * * @since 4.2.0 * * @var bool */ protected $check_current_query = true; /** * Flag to ensure we don't run into recursion problems when checking the collation. * * @since 4.2.0 * * @see wpdb::check_safe_collation() * @var bool */ private $checking_collation = false; /** * Saved info on the table column. * * @since 0.71 * * @var array */ protected $col_info; /** * Log of queries that were executed, for debugging purposes. * * @since 1.5.0 * @since 2.5.0 The third element in each query log was added to record the calling functions. * @since 5.1.0 The fourth element in each query log was added to record the start time. * @since 5.3.0 The fifth element in each query log was added to record custom data. * * @var array[] { * Array of arrays containing information about queries that were executed. * * @type array ...$0 { * Data for each query. * * @type string $0 The query's SQL. * @type float $1 Total time spent on the query, in seconds. * @type string $2 Comma-separated list of the calling functions. * @type float $3 Unix timestamp of the time at the start of the query. * @type array $4 Custom query data. * } * } */ public $queries; /** * The number of times to retry reconnecting before dying. Default 5. * * @since 3.9.0 * * @see wpdb::check_connection() * @var int */ protected $reconnect_retries = 5; /** * WordPress table prefix. * * You can set this to have multiple WordPress installations in a single database. * * @since 2.5.0 * * @var string */ public $prefix = ''; /** * WordPress base table prefix. * * @since 3.0.0 * * @var string */ public $base_prefix; /** * Whether the database queries are ready to start executing. * * @since 2.3.2 * * @var bool */ public $ready = false; /** * Blog ID. * * @since 3.0.0 * * @var int */ public $blogid = 0; /** * Site ID. * * @since 3.0.0 * * @var int */ public $siteid = 0; /** * List of WordPress per-site tables. * * @since 2.5.0 * * @see wpdb::tables() * @var string[] */ public $tables = array( 'posts', 'comments', 'links', 'options', 'postmeta', 'terms', 'term_taxonomy', 'term_relationships', 'termmeta', 'commentmeta', ); /** * List of deprecated WordPress tables. * * 'categories', 'post2cat', and 'link2cat' were deprecated in 2.3.0, db version 5539. * * @since 2.9.0 * * @see wpdb::tables() * @var string[] */ public $old_tables = array( 'categories', 'post2cat', 'link2cat' ); /** * List of WordPress global tables. * * @since 3.0.0 * * @see wpdb::tables() * @var string[] */ public $global_tables = array( 'users', 'usermeta' ); /** * List of Multisite global tables. * * @since 3.0.0 * * @see wpdb::tables() * @var string[] */ public $ms_global_tables = array( 'blogs', 'blogmeta', 'signups', 'site', 'sitemeta', 'registration_log', ); /** * List of deprecated WordPress Multisite global tables. * * @since 6.1.0 * * @see wpdb::tables() * @var string[] */ public $old_ms_global_tables = array( 'sitecategories' ); /** * WordPress Comments table. * * @since 1.5.0 * * @var string */ public $comments; /** * WordPress Comment Metadata table. * * @since 2.9.0 * * @var string */ public $commentmeta; /** * WordPress Links table. * * @since 1.5.0 * * @var string */ public $links; /** * WordPress Options table. * * @since 1.5.0 * * @var string */ public $options; /** * WordPress Post Metadata table. * * @since 1.5.0 * * @var string */ public $postmeta; /** * WordPress Posts table. * * @since 1.5.0 * * @var string */ public $posts; /** * WordPress Terms table. * * @since 2.3.0 * * @var string */ public $terms; /** * WordPress Term Relationships table. * * @since 2.3.0 * * @var string */ public $term_relationships; /** * WordPress Term Taxonomy table. * * @since 2.3.0 * * @var string */ public $term_taxonomy; /** * WordPress Term Meta table. * * @since 4.4.0 * * @var string */ public $termmeta; // // Global and Multisite tables // /** * WordPress User Metadata table. * * @since 2.3.0 * * @var string */ public $usermeta; /** * WordPress Users table. * * @since 1.5.0 * * @var string */ public $users; /** * Multisite Blogs table. * * @since 3.0.0 * * @var string|null */ public $blogs; /** * Multisite Blog Metadata table. * * @since 5.1.0 * * @var string|null */ public $blogmeta; /** * Multisite Registration Log table. * * @since 3.0.0 * * @var string|null */ public $registration_log; /** * Multisite Signups table. * * @since 3.0.0 * * @var string|null */ public $signups; /** * Multisite Sites table. * * @since 3.0.0 * * @var string|null */ public $site; /** * Multisite Sitewide Terms table. * * @since 3.0.0 * * @var string|null */ public $sitecategories; /** * Multisite Site Metadata table. * * @since 3.0.0 * * @var string|null */ public $sitemeta; /** * Format specifiers for DB columns. * * Columns not listed here default to %s. Initialized during WP load. * Keys are column names, values are format types: 'ID' => '%d'. * * @since 2.8.0 * * @see wpdb::prepare() * @see wpdb::insert() * @see wpdb::update() * @see wpdb::delete() * @see wp_set_wpdb_vars() * @var array */ public $field_types = array(); /** * Database table columns charset. * * @since 2.2.0 * * @var string */ public $charset; /** * Database table columns collate. * * @since 2.2.0 * * @var string */ public $collate; /** * Database Username. * * @since 2.9.0 * * @var string */ protected $dbuser; /** * Database Password. * * @since 3.1.0 * * @var string */ protected $dbpassword; /** * Database Name. * * @since 3.1.0 * * @var string */ protected $dbname; /** * Database Host. * * @since 3.1.0 * * @var string */ protected $dbhost; /** * Database handle. * * Possible values: * * - `mysqli` instance during normal operation * - `null` if the connection is yet to be made or has been closed * - `false` if the connection has failed * * @since 0.71 * * @var mysqli|false|null */ protected $dbh; /** * A textual description of the last query/get_row/get_var call. * * @since 3.0.0 * * @var string */ public $func_call; /** * Whether MySQL is used as the database engine. * * Set in wpdb::db_connect() to true, by default. This is used when checking * against the required MySQL version for WordPress. Normally, a replacement * database drop-in (db.php) will skip these checks, but setting this to true * will force the checks to occur. * * @since 3.3.0 * * @var bool */ public $is_mysql = null; /** * A list of incompatible SQL modes. * * @since 3.9.0 * * @var string[] */ protected $incompatible_modes = array( 'NO_ZERO_DATE', 'ONLY_FULL_GROUP_BY', 'STRICT_TRANS_TABLES', 'STRICT_ALL_TABLES', 'TRADITIONAL', 'ANSI', ); /** * Backward compatibility, where wpdb::prepare() has not quoted formatted/argnum placeholders. * * This is often used for table/field names (before %i was supported), and sometimes string formatting, e.g. * * $wpdb->prepare( 'WHERE `%1$s` = "%2$s something %3$s" OR %1$s = "%4$-10s"', 'field_1', 'a', 'b', 'c' ); * * But it's risky, e.g. forgetting to add quotes, resulting in SQL Injection vulnerabilities: * * $wpdb->prepare( 'WHERE (id = %1s) OR (id = %2$s)', $_GET['id'], $_GET['id'] ); // ?id=id * * This feature is preserved while plugin authors update their code to use safer approaches: * * $_GET['key'] = 'a`b'; * * $wpdb->prepare( 'WHERE %1s = %s', $_GET['key'], $_GET['value'] ); // WHERE a`b = 'value' * $wpdb->prepare( 'WHERE `%1$s` = "%2$s"', $_GET['key'], $_GET['value'] ); // WHERE `a`b` = "value" * * $wpdb->prepare( 'WHERE %i = %s', $_GET['key'], $_GET['value'] ); // WHERE `a``b` = 'value' * * While changing to false will be fine for queries not using formatted/argnum placeholders, * any remaining cases are most likely going to result in SQL errors (good, in a way): * * $wpdb->prepare( 'WHERE %1$s = "%2$-10s"', 'my_field', 'my_value' ); * true = WHERE my_field = "my_value " * false = WHERE 'my_field' = "'my_value '" * * But there may be some queries that result in an SQL Injection vulnerability: * * $wpdb->prepare( 'WHERE id = %1$s', $_GET['id'] ); // ?id=id * * So there may need to be a `_doing_it_wrong()` phase, after we know everyone can use * identifier placeholders (%i), but before this feature is disabled or removed. * * @since 6.2.0 * @var bool */ private $allow_unsafe_unquoted_parameters = true; /** * Whether to use the mysqli extension over mysql. This is no longer used as the mysql * extension is no longer supported. * * Default true. * * @since 3.9.0 * @since 6.4.0 This property was removed. * @since 6.4.1 This property was reinstated and its default value was changed to true. * The property is no longer used in core but may be accessed externally. * * @var bool */ private $use_mysqli = true; /** * Whether we've managed to successfully connect at some point. * * @since 3.9.0 * * @var bool */ private $has_connected = false; /** * Time when the last query was performed. * * Only set when `SAVEQUERIES` is defined and truthy. * * @since 1.5.0 * * @var float */ public $time_start = null; /** * The last SQL error that was encountered. * * @since 2.5.0 * * @var WP_Error|string */ public $error = null; /** * Connects to the database server and selects a database. * * Does the actual setting up * of the class properties and connection to the database. * * @since 2.0.8 * * @link https://core.trac.wordpress.org/ticket/3354 * * @param string $dbuser Database user. * @param string $dbpassword Database password. * @param string $dbname Database name. * @param string $dbhost Database host. */ public function __construct( $dbuser, #[\SensitiveParameter] $dbpassword, $dbname, $dbhost ) { if ( WP_DEBUG && WP_DEBUG_DISPLAY ) { $this->show_errors(); } $this->dbuser = $dbuser; $this->dbpassword = $dbpassword; $this->dbname = $dbname; $this->dbhost = $dbhost; // wp-config.php creation will manually connect when ready. if ( defined( 'WP_SETUP_CONFIG' ) ) { return; } $this->db_connect(); } /** * Makes private properties readable for backward compatibility. * * @since 3.5.0 * * @param string $name The private member to get, and optionally process. * @return mixed The private member. */ public function __get( $name ) { if ( 'col_info' === $name ) { $this->load_col_info(); } return $this->$name; } /** * Makes private properties settable for backward compatibility. * * @since 3.5.0 * * @param string $name The private member to set. * @param mixed $value The value to set. */ public function __set( $name, $value ) { $protected_members = array( 'col_meta', 'table_charset', 'check_current_query', 'allow_unsafe_unquoted_parameters', ); if ( in_array( $name, $protected_members, true ) ) { return; } $this->$name = $value; } /** * Makes private properties check-able for backward compatibility. * * @since 3.5.0 * * @param string $name The private member to check. * @return bool If the member is set or not. */ public function __isset( $name ) { return isset( $this->$name ); } /** * Makes private properties un-settable for backward compatibility. * * @since 3.5.0 * * @param string $name The private member to unset. */ public function __unset( $name ) { unset( $this->$name ); } /** * Sets $this->charset and $this->collate. * * @since 3.1.0 */ public function init_charset() { $charset = ''; $collate = ''; if ( function_exists( 'is_multisite' ) && is_multisite() ) { $charset = 'utf8'; if ( defined( 'DB_COLLATE' ) && DB_COLLATE ) { $collate = DB_COLLATE; } else { $collate = 'utf8_general_ci'; } } elseif ( defined( 'DB_COLLATE' ) ) { $collate = DB_COLLATE; } if ( defined( 'DB_CHARSET' ) ) { $charset = DB_CHARSET; } $charset_collate = $this->determine_charset( $charset, $collate ); $this->charset = $charset_collate['charset']; $this->collate = $charset_collate['collate']; } /** * Determines the best charset and collation to use given a charset and collation. * * For example, when able, utf8mb4 should be used instead of utf8. * * @since 4.6.0 * * @param string $charset The character set to check. * @param string $collate The collation to check. * @return array { * The most appropriate character set and collation to use. * * @type string $charset Character set. * @type string $collate Collation. * } */ public function determine_charset( $charset, $collate ) { if ( ( ! ( $this->dbh instanceof mysqli ) ) || empty( $this->dbh ) ) { return compact( 'charset', 'collate' ); } if ( 'utf8' === $charset ) { $charset = 'utf8mb4'; } if ( 'utf8mb4' === $charset ) { // _general_ is outdated, so we can upgrade it to _unicode_, instead. if ( ! $collate || 'utf8_general_ci' === $collate ) { $collate = 'utf8mb4_unicode_ci'; } else { $collate = str_replace( 'utf8_', 'utf8mb4_', $collate ); } } // _unicode_520_ is a better collation, we should use that when it's available. if ( $this->has_cap( 'utf8mb4_520' ) && 'utf8mb4_unicode_ci' === $collate ) { $collate = 'utf8mb4_unicode_520_ci'; } return compact( 'charset', 'collate' ); } /** * Sets the connection's character set. * * @since 3.1.0 * * @param mysqli $dbh The connection returned by `mysqli_connect()`. * @param string $charset Optional. The character set. Default null. * @param string $collate Optional. The collation. Default null. */ public function set_charset( $dbh, $charset = null, $collate = null ) { if ( ! isset( $charset ) ) { $charset = $this->charset; } if ( ! isset( $collate ) ) { $collate = $this->collate; } if ( $this->has_cap( 'collation' ) && ! empty( $charset ) ) { $set_charset_succeeded = true; if ( function_exists( 'mysqli_set_charset' ) && $this->has_cap( 'set_charset' ) ) { $set_charset_succeeded = mysqli_set_charset( $dbh, $charset ); } if ( $set_charset_succeeded ) { $query = $this->prepare( 'SET NAMES %s', $charset ); if ( ! empty( $collate ) ) { $query .= $this->prepare( ' COLLATE %s', $collate ); } mysqli_query( $dbh, $query ); } } } /** * Changes the current SQL mode, and ensures its WordPress compatibility. * * If no modes are passed, it will ensure the current SQL server modes are compatible. * * @since 3.9.0 * * @param array $modes Optional. A list of SQL modes to set. Default empty array. */ public function set_sql_mode( $modes = array() ) { if ( empty( $modes ) ) { $res = mysqli_query( $this->dbh, 'SELECT @@SESSION.sql_mode' ); if ( empty( $res ) ) { return; } $modes_array = mysqli_fetch_array( $res ); if ( empty( $modes_array[0] ) ) { return; } $modes_str = $modes_array[0]; if ( empty( $modes_str ) ) { return; } $modes = explode( ',', $modes_str ); } $modes = array_change_key_case( $modes, CASE_UPPER ); /** * Filters the list of incompatible SQL modes to exclude. * * @since 3.9.0 * * @param array $incompatible_modes An array of incompatible modes. */ $incompatible_modes = (array) apply_filters( 'incompatible_sql_modes', $this->incompatible_modes ); foreach ( $modes as $i => $mode ) { if ( in_array( $mode, $incompatible_modes, true ) ) { unset( $modes[ $i ] ); } } $modes_str = implode( ',', $modes ); mysqli_query( $this->dbh, "SET SESSION sql_mode='$modes_str'" ); } /** * Sets the table prefix for the WordPress tables. * * @since 2.5.0 * * @param string $prefix Alphanumeric name for the new prefix. * @param bool $set_table_names Optional. Whether the table names, e.g. wpdb::$posts, * should be updated or not. Default true. * @return string|WP_Error Old prefix or WP_Error on error. */ public function set_prefix( $prefix, $set_table_names = true ) { if ( preg_match( '|[^a-z0-9_]|i', $prefix ) ) { return new WP_Error( 'invalid_db_prefix', 'Invalid database prefix' ); } $old_prefix = is_multisite() ? '' : $prefix; if ( isset( $this->base_prefix ) ) { $old_prefix = $this->base_prefix; } $this->base_prefix = $prefix; if ( $set_table_names ) { foreach ( $this->tables( 'global' ) as $table => $prefixed_table ) { $this->$table = $prefixed_table; } if ( is_multisite() && empty( $this->blogid ) ) { return $old_prefix; } $this->prefix = $this->get_blog_prefix(); foreach ( $this->tables( 'blog' ) as $table => $prefixed_table ) { $this->$table = $prefixed_table; } foreach ( $this->tables( 'old' ) as $table => $prefixed_table ) { $this->$table = $prefixed_table; } } return $old_prefix; } /** * Sets blog ID. * * @since 3.0.0 * * @param int $blog_id * @param int $network_id Optional. Network ID. Default 0. * @return int Previous blog ID. */ public function set_blog_id( $blog_id, $network_id = 0 ) { if ( ! empty( $network_id ) ) { $this->siteid = $network_id; } $old_blog_id = $this->blogid; $this->blogid = $blog_id; $this->prefix = $this->get_blog_prefix(); foreach ( $this->tables( 'blog' ) as $table => $prefixed_table ) { $this->$table = $prefixed_table; } foreach ( $this->tables( 'old' ) as $table => $prefixed_table ) { $this->$table = $prefixed_table; } return $old_blog_id; } /** * Gets blog prefix. * * @since 3.0.0 * * @param int $blog_id Optional. Blog ID to retrieve the table prefix for. * Defaults to the current blog ID. * @return string Blog prefix. */ public function get_blog_prefix( $blog_id = null ) { if ( is_multisite() ) { if ( null === $blog_id ) { $blog_id = $this->blogid; } $blog_id = (int) $blog_id; if ( defined( 'MULTISITE' ) && ( 0 === $blog_id || 1 === $blog_id ) ) { return $this->base_prefix; } else { return $this->base_prefix . $blog_id . '_'; } } else { return $this->base_prefix; } } /** * Returns an array of WordPress tables. * * Also allows for the `CUSTOM_USER_TABLE` and `CUSTOM_USER_META_TABLE` to override the WordPress users * and usermeta tables that would otherwise be determined by the prefix. * * The `$scope` argument can take one of the following: * * - 'all' - returns 'all' and 'global' tables. No old tables are returned. * - 'blog' - returns the blog-level tables for the queried blog. * - 'global' - returns the global tables for the installation, returning multisite tables only on multisite. * - 'ms_global' - returns the multisite global tables, regardless if current installation is multisite. * - 'old' - returns tables which are deprecated. * * @since 3.0.0 * @since 6.1.0 `old` now includes deprecated multisite global tables only on multisite. * * @uses wpdb::$tables * @uses wpdb::$old_tables * @uses wpdb::$global_tables * @uses wpdb::$ms_global_tables * @uses wpdb::$old_ms_global_tables * * @param string $scope Optional. Possible values include 'all', 'global', 'ms_global', 'blog', * or 'old' tables. Default 'all'. * @param bool $prefix Optional. Whether to include table prefixes. If blog prefix is requested, * then the custom users and usermeta tables will be mapped. Default true. * @param int $blog_id Optional. The blog_id to prefix. Used only when prefix is requested. * Defaults to `wpdb::$blogid`. * @return string[] Table names. When a prefix is requested, the key is the unprefixed table name. */ public function tables( $scope = 'all', $prefix = true, $blog_id = 0 ) { switch ( $scope ) { case 'all': $tables = array_merge( $this->global_tables, $this->tables ); if ( is_multisite() ) { $tables = array_merge( $tables, $this->ms_global_tables ); } break; case 'blog': $tables = $this->tables; break; case 'global': $tables = $this->global_tables; if ( is_multisite() ) { $tables = array_merge( $tables, $this->ms_global_tables ); } break; case 'ms_global': $tables = $this->ms_global_tables; break; case 'old': $tables = $this->old_tables; if ( is_multisite() ) { $tables = array_merge( $tables, $this->old_ms_global_tables ); } break; default: return array(); } if ( $prefix ) { if ( ! $blog_id ) { $blog_id = $this->blogid; } $blog_prefix = $this->get_blog_prefix( $blog_id ); $base_prefix = $this->base_prefix; $global_tables = array_merge( $this->global_tables, $this->ms_global_tables ); foreach ( $tables as $k => $table ) { if ( in_array( $table, $global_tables, true ) ) { $tables[ $table ] = $base_prefix . $table; } else { $tables[ $table ] = $blog_prefix . $table; } unset( $tables[ $k ] ); } if ( isset( $tables['users'] ) && defined( 'CUSTOM_USER_TABLE' ) ) { $tables['users'] = CUSTOM_USER_TABLE; } if ( isset( $tables['usermeta'] ) && defined( 'CUSTOM_USER_META_TABLE' ) ) { $tables['usermeta'] = CUSTOM_USER_META_TABLE; } } return $tables; } /** * Selects a database using the current or provided database connection. * * The database name will be changed based on the current database connection. * On failure, the execution will bail and display a DB error. * * @since 0.71 * * @param string $db Database name. * @param mysqli $dbh Optional. Database connection. * Defaults to the current database handle. */ public function select( $db, $dbh = null ) { if ( is_null( $dbh ) ) { $dbh = $this->dbh; } $success = mysqli_select_db( $dbh, $db ); if ( ! $success ) { $this->ready = false; if ( ! did_action( 'template_redirect' ) ) { wp_load_translations_early(); $message = '<h1>' . __( 'Cannot select database' ) . "</h1>\n"; $message .= '<p>' . sprintf( /* translators: %s: Database name. */ __( 'The database server could be connected to (which means your username and password is okay) but the %s database could not be selected.' ), '<code>' . htmlspecialchars( $db, ENT_QUOTES ) . '</code>' ) . "</p>\n"; $message .= "<ul>\n"; $message .= '<li>' . __( 'Are you sure it exists?' ) . "</li>\n"; $message .= '<li>' . sprintf( /* translators: 1: Database user, 2: Database name. */ __( 'Does the user %1$s have permission to use the %2$s database?' ), '<code>' . htmlspecialchars( $this->dbuser, ENT_QUOTES ) . '</code>', '<code>' . htmlspecialchars( $db, ENT_QUOTES ) . '</code>' ) . "</li>\n"; $message .= '<li>' . sprintf( /* translators: %s: Database name. */ __( 'On some systems the name of your database is prefixed with your username, so it would be like <code>username_%1$s</code>. Could that be the problem?' ), htmlspecialchars( $db, ENT_QUOTES ) ) . "</li>\n"; $message .= "</ul>\n"; $message .= '<p>' . sprintf( /* translators: %s: Support forums URL. */ __( 'If you do not know how to set up a database you should <strong>contact your host</strong>. If all else fails you may find help at the <a href="%s">WordPress support forums</a>.' ), __( 'https://wordpress.org/support/forums/' ) ) . "</p>\n"; $this->bail( $message, 'db_select_fail' ); } } } /** * Do not use, deprecated. * * Use esc_sql() or wpdb::prepare() instead. * * @since 2.8.0 * @deprecated 3.6.0 Use wpdb::prepare() * @see wpdb::prepare() * @see esc_sql() * * @param string $data * @return string */ public function _weak_escape( $data ) { if ( func_num_args() === 1 && function_exists( '_deprecated_function' ) ) { _deprecated_function( __METHOD__, '3.6.0', 'wpdb::prepare() or esc_sql()' ); } return addslashes( $data ); } /** * Real escape using mysqli_real_escape_string(). * * @since 2.8.0 * * @see mysqli_real_escape_string() * * @param string $data String to escape. * @return string Escaped string. */ public function _real_escape( $data ) { if ( ! is_scalar( $data ) ) { return ''; } if ( $this->dbh ) { $escaped = mysqli_real_escape_string( $this->dbh, $data ); } else { $class = get_class( $this ); wp_load_translations_early(); /* translators: %s: Database access abstraction class, usually wpdb or a class extending wpdb. */ _doing_it_wrong( $class, sprintf( __( '%s must set a database connection for use with escaping.' ), $class ), '3.6.0' ); $escaped = addslashes( $data ); } return $this->add_placeholder_escape( $escaped ); } /** * Escapes data. Works on arrays. * * @since 2.8.0 * * @uses wpdb::_real_escape() * * @param string|array $data Data to escape. * @return string|array Escaped data, in the same type as supplied. */ public function _escape( $data ) { if ( is_array( $data ) ) { foreach ( $data as $k => $v ) { if ( is_array( $v ) ) { $data[ $k ] = $this->_escape( $v ); } else { $data[ $k ] = $this->_real_escape( $v ); } } } else { $data = $this->_real_escape( $data ); } return $data; } /** * Do not use, deprecated. * * Use esc_sql() or wpdb::prepare() instead. * * @since 0.71 * @deprecated 3.6.0 Use wpdb::prepare() * @see wpdb::prepare() * @see esc_sql() * * @param string|array $data Data to escape. * @return string|array Escaped data, in the same type as supplied. */ public function escape( $data ) { if ( func_num_args() === 1 && function_exists( '_deprecated_function' ) ) { _deprecated_function( __METHOD__, '3.6.0', 'wpdb::prepare() or esc_sql()' ); } if ( is_array( $data ) ) { foreach ( $data as $k => $v ) { if ( is_array( $v ) ) { $data[ $k ] = $this->escape( $v, 'recursive' ); } else { $data[ $k ] = $this->_weak_escape( $v, 'internal' ); } } } else { $data = $this->_weak_escape( $data, 'internal' ); } return $data; } /** * Escapes content by reference for insertion into the database, for security. * * @uses wpdb::_real_escape() * * @since 2.3.0 * * @param string $data String to escape. */ public function escape_by_ref( &$data ) { if ( ! is_float( $data ) ) { $data = $this->_real_escape( $data ); } } /** * Quotes an identifier such as a table or field name. * * @since 6.2.0 * * @param string $identifier Identifier to escape. * @return string Escaped identifier. */ public function quote_identifier( $identifier ) { return '`' . $this->_escape_identifier_value( $identifier ) . '`'; } /** * Escapes an identifier value without adding the surrounding quotes. * * - Permitted characters in quoted identifiers include the full Unicode * Basic Multilingual Plane (BMP), except U+0000. * - To quote the identifier itself, you need to double the character, e.g. `a``b`. * * @since 6.2.0 * * @link https://dev.mysql.com/doc/refman/8.0/en/identifiers.html * * @param string $identifier Identifier to escape. * @return string Escaped identifier. */ private function _escape_identifier_value( $identifier ) { return str_replace( '`', '``', $identifier ); } /** * Prepares a SQL query for safe execution. * * Uses `sprintf()`-like syntax. The following placeholders can be used in the query string: * * - `%d` (integer) * - `%f` (float) * - `%s` (string) * - `%i` (identifier, e.g. table/field names) * * All placeholders MUST be left unquoted in the query string. A corresponding argument * MUST be passed for each placeholder. * * Note: There is one exception to the above: for compatibility with old behavior, * numbered or formatted string placeholders (eg, `%1$s`, `%5s`) will not have quotes * added by this function, so should be passed with appropriate quotes around them. * * Literal percentage signs (`%`) in the query string must be written as `%%`. Percentage wildcards * (for example, to use in LIKE syntax) must be passed via a substitution argument containing * the complete LIKE string, these cannot be inserted directly in the query string. * Also see wpdb::esc_like(). * * Arguments may be passed as individual arguments to the method, or as a single array * containing all arguments. A combination of the two is not supported. * * Examples: * * $wpdb->prepare( * "SELECT * FROM `table` WHERE `column` = %s AND `field` = %d OR `other_field` LIKE %s", * array( 'foo', 1337, '%bar' ) * ); * * $wpdb->prepare( * "SELECT DATE_FORMAT(`field`, '%%c') FROM `table` WHERE `column` = %s", * 'foo' * ); * * $wpdb->prepare( * "SELECT * FROM %i WHERE %i = %s", * $table, * $field, * $value * ); * * @since 2.3.0 * @since 5.3.0 Formalized the existing and already documented `...$args` parameter * by updating the function signature. The second parameter was changed * from `$args` to `...$args`. * @since 6.2.0 Added `%i` for identifiers, e.g. table or field names. * Check support via `wpdb::has_cap( 'identifier_placeholders' )`. * This preserves compatibility with `sprintf()`, as the C version uses * `%d` and `$i` as a signed integer, whereas PHP only supports `%d`. * * @link https://www.php.net/sprintf Description of syntax. * * @param string $query Query statement with `sprintf()`-like placeholders. * @param array|mixed $args The array of variables to substitute into the query's placeholders * if being called with an array of arguments, or the first variable * to substitute into the query's placeholders if being called with * individual arguments. * @param mixed ...$args Further variables to substitute into the query's placeholders * if being called with individual arguments. * @return string|void Sanitized query string, if there is a query to prepare. */ public function prepare( $query, ...$args ) { if ( is_null( $query ) ) { return; } /* * This is not meant to be foolproof -- but it will catch obviously incorrect usage. * * Note: str_contains() is not used here, as this file can be included * directly outside of WordPress core, e.g. by HyperDB, in which case * the polyfills from wp-includes/compat.php are not loaded. */ if ( false === strpos( $query, '%' ) ) { wp_load_translations_early(); _doing_it_wrong( 'wpdb::prepare', sprintf( /* translators: %s: wpdb::prepare() */ __( 'The query argument of %s must have a placeholder.' ), 'wpdb::prepare()' ), '3.9.0' ); } /* * Specify the formatting allowed in a placeholder. The following are allowed: * * - Sign specifier, e.g. $+d * - Numbered placeholders, e.g. %1$s * - Padding specifier, including custom padding characters, e.g. %05s, %'#5s * - Alignment specifier, e.g. %05-s * - Precision specifier, e.g. %.2f */ $allowed_format = '(?:[1-9][0-9]*[$])?[-+0-9]*(?: |0|\'.)?[-+0-9]*(?:\.[0-9]+)?'; /* * If a %s placeholder already has quotes around it, removing the existing quotes * and re-inserting them ensures the quotes are consistent. * * For backward compatibility, this is only applied to %s, and not to placeholders like %1$s, * which are frequently used in the middle of longer strings, or as table name placeholders. */ $query = str_replace( "'%s'", '%s', $query ); // Strip any existing single quotes. $query = str_replace( '"%s"', '%s', $query ); // Strip any existing double quotes. // Escape any unescaped percents (i.e. anything unrecognised). $query = preg_replace( "/%(?:%|$|(?!($allowed_format)?[sdfFi]))/", '%%\\1', $query ); // Extract placeholders from the query. $split_query = preg_split( "/(^|[^%]|(?:%%)+)(%(?:$allowed_format)?[sdfFi])/", $query, -1, PREG_SPLIT_DELIM_CAPTURE ); $split_query_count = count( $split_query ); /* * Split always returns with 1 value before the first placeholder (even with $query = "%s"), * then 3 additional values per placeholder. */ $placeholder_count = ( ( $split_query_count - 1 ) / 3 ); // If args were passed as an array, as in vsprintf(), move them up. $passed_as_array = ( isset( $args[0] ) && is_array( $args[0] ) && 1 === count( $args ) ); if ( $passed_as_array ) { $args = $args[0]; } $new_query = ''; $key = 2; // Keys 0 and 1 in $split_query contain values before the first placeholder. $arg_id = 0; $arg_identifiers = array(); $arg_strings = array(); while ( $key < $split_query_count ) { $placeholder = $split_query[ $key ]; $format = substr( $placeholder, 1, -1 ); $type = substr( $placeholder, -1 ); if ( 'f' === $type && true === $this->allow_unsafe_unquoted_parameters /* * Note: str_ends_with() is not used here, as this file can be included * directly outside of WordPress core, e.g. by HyperDB, in which case * the polyfills from wp-includes/compat.php are not loaded. */ && '%' === substr( $split_query[ $key - 1 ], -1, 1 ) ) { /* * Before WP 6.2 the "force floats to be locale-unaware" RegEx didn't * convert "%%%f" to "%%%F" (note the uppercase F). * This was because it didn't check to see if the leading "%" was escaped. * And because the "Escape any unescaped percents" RegEx used "[sdF]" in its * negative lookahead assertion, when there was an odd number of "%", it added * an extra "%", to give the fully escaped "%%%%f" (not a placeholder). */ $s = $split_query[ $key - 2 ] . $split_query[ $key - 1 ]; $k = 1; $l = strlen( $s ); while ( $k <= $l && '%' === $s[ $l - $k ] ) { ++$k; } $placeholder = '%' . ( $k % 2 ? '%' : '' ) . $format . $type; --$placeholder_count; } else { // Force floats to be locale-unaware. if ( 'f' === $type ) { $type = 'F'; $placeholder = '%' . $format . $type; } if ( 'i' === $type ) { $placeholder = '`%' . $format . 's`'; // Using a simple strpos() due to previous checking (e.g. $allowed_format). $argnum_pos = strpos( $format, '$' ); if ( false !== $argnum_pos ) { // sprintf() argnum starts at 1, $arg_id from 0. $arg_identifiers[] = ( ( (int) substr( $format, 0, $argnum_pos ) ) - 1 ); } else { $arg_identifiers[] = $arg_id; } } elseif ( 'd' !== $type && 'F' !== $type ) { /* * i.e. ( 's' === $type ), where 'd' and 'F' keeps $placeholder unchanged, * and we ensure string escaping is used as a safe default (e.g. even if 'x'). */ $argnum_pos = strpos( $format, '$' ); if ( false !== $argnum_pos ) { $arg_strings[] = ( ( (int) substr( $format, 0, $argnum_pos ) ) - 1 ); } else { $arg_strings[] = $arg_id; } /* * Unquoted strings for backward compatibility (dangerous). * First, "numbered or formatted string placeholders (eg, %1$s, %5s)". * Second, if "%s" has a "%" before it, even if it's unrelated (e.g. "LIKE '%%%s%%'"). */ if ( true !== $this->allow_unsafe_unquoted_parameters /* * Note: str_ends_with() is not used here, as this file can be included * directly outside of WordPress core, e.g. by HyperDB, in which case * the polyfills from wp-includes/compat.php are not loaded. */ || ( '' === $format && '%' !== substr( $split_query[ $key - 1 ], -1, 1 ) ) ) { $placeholder = "'%" . $format . "s'"; } } } // Glue (-2), any leading characters (-1), then the new $placeholder. $new_query .= $split_query[ $key - 2 ] . $split_query[ $key - 1 ] . $placeholder; $key += 3; ++$arg_id; } // Replace $query; and add remaining $query characters, or index 0 if there were no placeholders. $query = $new_query . $split_query[ $key - 2 ]; $dual_use = array_intersect( $arg_identifiers, $arg_strings ); if ( count( $dual_use ) > 0 ) { wp_load_translations_early(); $used_placeholders = array(); $key = 2; $arg_id = 0; // Parse again (only used when there is an error). while ( $key < $split_query_count ) { $placeholder = $split_query[ $key ]; $format = substr( $placeholder, 1, -1 ); $argnum_pos = strpos( $format, '$' ); if ( false !== $argnum_pos ) { $arg_pos = ( ( (int) substr( $format, 0, $argnum_pos ) ) - 1 ); } else { $arg_pos = $arg_id; } $used_placeholders[ $arg_pos ][] = $placeholder; $key += 3; ++$arg_id; } $conflicts = array(); foreach ( $dual_use as $arg_pos ) { $conflicts[] = implode( ' and ', $used_placeholders[ $arg_pos ] ); } _doing_it_wrong( 'wpdb::prepare', sprintf( /* translators: %s: A list of placeholders found to be a problem. */ __( 'Arguments cannot be prepared as both an Identifier and Value. Found the following conflicts: %s' ), implode( ', ', $conflicts ) ), '6.2.0' ); return; } $args_count = count( $args ); if ( $args_count !== $placeholder_count ) { if ( 1 === $placeholder_count && $passed_as_array ) { /* * If the passed query only expected one argument, * but the wrong number of arguments was sent as an array, bail. */ wp_load_translations_early(); _doing_it_wrong( 'wpdb::prepare', __( 'The query only expected one placeholder, but an array of multiple placeholders was sent.' ), '4.9.0' ); return; } else { /* * If we don't have the right number of placeholders, * but they were passed as individual arguments, * or we were expecting multiple arguments in an array, throw a warning. */ wp_load_translations_early(); _doing_it_wrong( 'wpdb::prepare', sprintf( /* translators: 1: Number of placeholders, 2: Number of arguments passed. */ __( 'The query does not contain the correct number of placeholders (%1$d) for the number of arguments passed (%2$d).' ), $placeholder_count, $args_count ), '4.8.3' ); /* * If we don't have enough arguments to match the placeholders, * return an empty string to avoid a fatal error on PHP 8. */ if ( $args_count < $placeholder_count ) { $max_numbered_placeholder = 0; for ( $i = 2, $l = $split_query_count; $i < $l; $i += 3 ) { // Assume a leading number is for a numbered placeholder, e.g. '%3$s'. $argnum = (int) substr( $split_query[ $i ], 1 ); if ( $max_numbered_placeholder < $argnum ) { $max_numbered_placeholder = $argnum; } } if ( ! $max_numbered_placeholder || $args_count < $max_numbered_placeholder ) { return ''; } } } } $args_escaped = array(); foreach ( $args as $i => $value ) { if ( in_array( $i, $arg_identifiers, true ) ) { $args_escaped[] = $this->_escape_identifier_value( $value ); } elseif ( is_int( $value ) || is_float( $value ) ) { $args_escaped[] = $value; } else { if ( ! is_scalar( $value ) && ! is_null( $value ) ) { wp_load_translations_early(); _doing_it_wrong( 'wpdb::prepare', sprintf( /* translators: %s: Value type. */ __( 'Unsupported value type (%s).' ), gettype( $value ) ), '4.8.2' ); // Preserving old behavior, where values are escaped as strings. $value = ''; } $args_escaped[] = $this->_real_escape( $value ); } } $query = vsprintf( $query, $args_escaped ); return $this->add_placeholder_escape( $query ); } /** * First half of escaping for `LIKE` special characters `%` and `_` before preparing for SQL. * * Use this only before wpdb::prepare() or esc_sql(). Reversing the order is very bad for security. * * Example Prepared Statement: * * $wild = '%'; * $find = 'only 43% of planets'; * $like = $wild . $wpdb->esc_like( $find ) . $wild; * $sql = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like ); * * Example Escape Chain: * * $sql = esc_sql( $wpdb->esc_like( $input ) ); * * @since 4.0.0 * * @param string $text The raw text to be escaped. The input typed by the user * should have no extra or deleted slashes. * @return string Text in the form of a LIKE phrase. The output is not SQL safe. * Call wpdb::prepare() or wpdb::_real_escape() next. */ public function esc_like( $text ) { return addcslashes( $text, '_%\\' ); } /** * Prints SQL/DB error. * * @since 0.71 * * @global array $EZSQL_ERROR Stores error information of query and error string. * * @param string $str The error to display. * @return void|false Void if the showing of errors is enabled, false if disabled. */ public function print_error( $str = '' ) { global $EZSQL_ERROR; if ( ! $str ) { $str = mysqli_error( $this->dbh ); } $EZSQL_ERROR[] = array( 'query' => $this->last_query, 'error_str' => $str, ); if ( $this->suppress_errors ) { return false; } $caller = $this->get_caller(); if ( $caller ) { // Not translated, as this will only appear in the error log. $error_str = sprintf( 'WordPress database error %1$s for query %2$s made by %3$s', $str, $this->last_query, $caller ); } else { $error_str = sprintf( 'WordPress database error %1$s for query %2$s', $str, $this->last_query ); } error_log( $error_str ); // Are we showing errors? if ( ! $this->show_errors ) { return false; } wp_load_translations_early(); // If there is an error then take note of it. if ( is_multisite() ) { $msg = sprintf( "%s [%s]\n%s\n", __( 'WordPress database error:' ), $str, $this->last_query ); if ( defined( 'ERRORLOGFILE' ) ) { error_log( $msg, 3, ERRORLOGFILE ); } if ( defined( 'DIEONDBERROR' ) ) { wp_die( $msg ); } } else { $str = htmlspecialchars( $str, ENT_QUOTES ); $query = htmlspecialchars( $this->last_query, ENT_QUOTES ); printf( '<div id="error"><p class="wpdberror"><strong>%s</strong> [%s]<br /><code>%s</code></p></div>', __( 'WordPress database error:' ), $str, $query ); } } /** * Enables showing of database errors. * * This function should be used only to enable showing of errors. * wpdb::hide_errors() should be used instead for hiding errors. * * @since 0.71 * * @see wpdb::hide_errors() * * @param bool $show Optional. Whether to show errors. Default true. * @return bool Whether showing of errors was previously active. */ public function show_errors( $show = true ) { $errors = $this->show_errors; $this->show_errors = $show; return $errors; } /** * Disables showing of database errors. * * By default database errors are not shown. * * @since 0.71 * * @see wpdb::show_errors() * * @return bool Whether showing of errors was previously active. */ public function hide_errors() { $show = $this->show_errors; $this->show_errors = false; return $show; } /** * Enables or disables suppressing of database errors. * * By default database errors are suppressed. * * @since 2.5.0 * * @see wpdb::hide_errors() * * @param bool $suppress Optional. Whether to suppress errors. Default true. * @return bool Whether suppressing of errors was previously active. */ public function suppress_errors( $suppress = true ) { $errors = $this->suppress_errors; $this->suppress_errors = (bool) $suppress; return $errors; } /** * Kills cached query results. * * @since 0.71 */ public function flush() { $this->last_result = array(); $this->col_info = null; $this->last_query = null; $this->rows_affected = 0; $this->num_rows = 0; $this->last_error = ''; if ( $this->result instanceof mysqli_result ) { mysqli_free_result( $this->result ); $this->result = null; // Confidence check before using the handle. if ( empty( $this->dbh ) || ! ( $this->dbh instanceof mysqli ) ) { return; } // Clear out any results from a multi-query. while ( mysqli_more_results( $this->dbh ) ) { mysqli_next_result( $this->dbh ); } } } /** * Connects to and selects database. * * If `$allow_bail` is false, the lack of database connection will need to be handled manually. * * @since 3.0.0 * @since 3.9.0 $allow_bail parameter added. * * @param bool $allow_bail Optional. Allows the function to bail. Default true. * @return bool True with a successful connection, false on failure. */ public function db_connect( $allow_bail = true ) { $this->is_mysql = true; $client_flags = defined( 'MYSQL_CLIENT_FLAGS' ) ? MYSQL_CLIENT_FLAGS : 0; /* * Switch error reporting off because WordPress handles its own. * This is due to the default value change from `MYSQLI_REPORT_OFF` * to `MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT` in PHP 8.1. */ mysqli_report( MYSQLI_REPORT_OFF ); $this->dbh = mysqli_init(); $host = $this->dbhost; $port = null; $socket = null; $is_ipv6 = false; $host_data = $this->parse_db_host( $this->dbhost ); if ( $host_data ) { list( $host, $port, $socket, $is_ipv6 ) = $host_data; } /* * If using the `mysqlnd` library, the IPv6 address needs to be enclosed * in square brackets, whereas it doesn't while using the `libmysqlclient` library. * @see https://bugs.php.net/bug.php?id=67563 */ if ( $is_ipv6 && extension_loaded( 'mysqlnd' ) ) { $host = "[$host]"; } if ( WP_DEBUG ) { mysqli_real_connect( $this->dbh, $host, $this->dbuser, $this->dbpassword, null, $port, $socket, $client_flags ); } else { // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged @mysqli_real_connect( $this->dbh, $host, $this->dbuser, $this->dbpassword, null, $port, $socket, $client_flags ); } if ( $this->dbh->connect_errno ) { $this->dbh = null; } if ( ! $this->dbh && $allow_bail ) { wp_load_translations_early(); // Load custom DB error template, if present. if ( file_exists( WP_CONTENT_DIR . '/db-error.php' ) ) { require_once WP_CONTENT_DIR . '/db-error.php'; die(); } $message = '<h1>' . __( 'Error establishing a database connection' ) . "</h1>\n"; $message .= '<p>' . sprintf( /* translators: 1: wp-config.php, 2: Database host. */ __( 'This either means that the username and password information in your %1$s file is incorrect or that contact with the database server at %2$s could not be established. This could mean your host’s database server is down.' ), '<code>wp-config.php</code>', '<code>' . htmlspecialchars( $this->dbhost, ENT_QUOTES ) . '</code>' ) . "</p>\n"; $message .= "<ul>\n"; $message .= '<li>' . __( 'Are you sure you have the correct username and password?' ) . "</li>\n"; $message .= '<li>' . __( 'Are you sure you have typed the correct hostname?' ) . "</li>\n"; $message .= '<li>' . __( 'Are you sure the database server is running?' ) . "</li>\n"; $message .= "</ul>\n"; $message .= '<p>' . sprintf( /* translators: %s: Support forums URL. */ __( 'If you are unsure what these terms mean you should probably contact your host. If you still need help you can always visit the <a href="%s">WordPress support forums</a>.' ), __( 'https://wordpress.org/support/forums/' ) ) . "</p>\n"; $this->bail( $message, 'db_connect_fail' ); return false; } elseif ( $this->dbh ) { if ( ! $this->has_connected ) { $this->init_charset(); } $this->has_connected = true; $this->set_charset( $this->dbh ); $this->ready = true; $this->set_sql_mode(); $this->select( $this->dbname, $this->dbh ); return true; } return false; } /** * Parses the DB_HOST setting to interpret it for mysqli_real_connect(). * * mysqli_real_connect() doesn't support the host param including a port or socket * like mysql_connect() does. This duplicates how mysql_connect() detects a port * and/or socket file. * * @since 4.9.0 * * @param string $host The DB_HOST setting to parse. * @return array|false { * Array containing the host, the port, the socket and * whether it is an IPv6 address, in that order. * False if the host couldn't be parsed. * * @type string $0 Host name. * @type string|null $1 Port. * @type string|null $2 Socket. * @type bool $3 Whether it is an IPv6 address. * } */ public function parse_db_host( $host ) { $socket = null; $is_ipv6 = false; // First peel off the socket parameter from the right, if it exists. $socket_pos = strpos( $host, ':/' ); if ( false !== $socket_pos ) { $socket = substr( $host, $socket_pos + 1 ); $host = substr( $host, 0, $socket_pos ); } /* * We need to check for an IPv6 address first. * An IPv6 address will always contain at least two colons. */ if ( substr_count( $host, ':' ) > 1 ) { $pattern = '#^(?:\[)?(?P<host>[0-9a-fA-F:]+)(?:\]:(?P<port>[\d]+))?#'; $is_ipv6 = true; } else { // We seem to be dealing with an IPv4 address. $pattern = '#^(?P<host>[^:/]*)(?::(?P<port>[\d]+))?#'; } $matches = array(); $result = preg_match( $pattern, $host, $matches ); if ( 1 !== $result ) { // Couldn't parse the address, bail. return false; } $host = ! empty( $matches['host'] ) ? $matches['host'] : ''; // Port cannot be a string; must be null or an integer. $port = ! empty( $matches['port'] ) ? absint( $matches['port'] ) : null; return array( $host, $port, $socket, $is_ipv6 ); } /** * Checks that the connection to the database is still up. If not, try to reconnect. * * If this function is unable to reconnect, it will forcibly die, or if called * after the {@see 'template_redirect'} hook has been fired, return false instead. * * If `$allow_bail` is false, the lack of database connection will need to be handled manually. * * @since 3.9.0 * * @param bool $allow_bail Optional. Allows the function to bail. Default true. * @return bool|void True if the connection is up. */ public function check_connection( $allow_bail = true ) { // Check if the connection is alive. if ( ! empty( $this->dbh ) && mysqli_query( $this->dbh, 'DO 1' ) !== false ) { return true; } $error_reporting = false; // Disable warnings, as we don't want to see a multitude of "unable to connect" messages. if ( WP_DEBUG ) { $error_reporting = error_reporting(); error_reporting( $error_reporting & ~E_WARNING ); } for ( $tries = 1; $tries <= $this->reconnect_retries; $tries++ ) { /* * On the last try, re-enable warnings. We want to see a single instance * of the "unable to connect" message on the bail() screen, if it appears. */ if ( $this->reconnect_retries === $tries && WP_DEBUG ) { error_reporting( $error_reporting ); } if ( $this->db_connect( false ) ) { if ( $error_reporting ) { error_reporting( $error_reporting ); } return true; } sleep( 1 ); } /* * If template_redirect has already happened, it's too late for wp_die()/dead_db(). * Let's just return and hope for the best. */ if ( did_action( 'template_redirect' ) ) { return false; } if ( ! $allow_bail ) { return false; } wp_load_translations_early(); $message = '<h1>' . __( 'Error reconnecting to the database' ) . "</h1>\n"; $message .= '<p>' . sprintf( /* translators: %s: Database host. */ __( 'This means that the contact with the database server at %s was lost. This could mean your host’s database server is down.' ), '<code>' . htmlspecialchars( $this->dbhost, ENT_QUOTES ) . '</code>' ) . "</p>\n"; $message .= "<ul>\n"; $message .= '<li>' . __( 'Are you sure the database server is running?' ) . "</li>\n"; $message .= '<li>' . __( 'Are you sure the database server is not under particularly heavy load?' ) . "</li>\n"; $message .= "</ul>\n"; $message .= '<p>' . sprintf( /* translators: %s: Support forums URL. */ __( 'If you are unsure what these terms mean you should probably contact your host. If you still need help you can always visit the <a href="%s">WordPress support forums</a>.' ), __( 'https://wordpress.org/support/forums/' ) ) . "</p>\n"; // We weren't able to reconnect, so we better bail. $this->bail( $message, 'db_connect_fail' ); /* * Call dead_db() if bail didn't die, because this database is no more. * It has ceased to be (at least temporarily). */ dead_db(); } /** * Performs a database query, using current database connection. * * More information can be found on the documentation page. * * @since 0.71 * * @link https://developer.wordpress.org/reference/classes/wpdb/ * * @param string $query Database query. * @return int|bool Boolean true for CREATE, ALTER, TRUNCATE and DROP queries. Number of rows * affected/selected for all other queries. Boolean false on error. */ public function query( $query ) { if ( ! $this->ready ) { $this->check_current_query = true; return false; } /** * Filters the database query. * * Some queries are made before the plugins have been loaded, * and thus cannot be filtered with this method. * * @since 2.1.0 * * @param string $query Database query. */ $query = apply_filters( 'query', $query ); if ( ! $query ) { $this->insert_id = 0; return false; } $this->flush(); // Log how the function was called. $this->func_call = "\$db->query(\"$query\")"; // If we're writing to the database, make sure the query will write safely. if ( $this->check_current_query && ! $this->check_ascii( $query ) ) { $stripped_query = $this->strip_invalid_text_from_query( $query ); /* * strip_invalid_text_from_query() can perform queries, so we need * to flush again, just to make sure everything is clear. */ $this->flush(); if ( $stripped_query !== $query ) { $this->insert_id = 0; $this->last_query = $query; wp_load_translations_early(); $this->last_error = __( 'WordPress database error: Could not perform query because it contains invalid data.' ); return false; } } $this->check_current_query = true; // Keep track of the last query for debug. $this->last_query = $query; $this->_do_query( $query ); // Database server has gone away, try to reconnect. $mysql_errno = 0; if ( $this->dbh instanceof mysqli ) { $mysql_errno = mysqli_errno( $this->dbh ); } else { /* * $dbh is defined, but isn't a real connection. * Something has gone horribly wrong, let's try a reconnect. */ $mysql_errno = 2006; } if ( empty( $this->dbh ) || 2006 === $mysql_errno ) { if ( $this->check_connection() ) { $this->_do_query( $query ); } else { $this->insert_id = 0; return false; } } // If there is an error then take note of it. if ( $this->dbh instanceof mysqli ) { $this->last_error = mysqli_error( $this->dbh ); } else { $this->last_error = __( 'Unable to retrieve the error message from the database server' ); } if ( $this->last_error ) { // Clear insert_id on a subsequent failed insert. if ( $this->insert_id && preg_match( '/^\s*(insert|replace)\s/i', $query ) ) { $this->insert_id = 0; } $this->print_error(); return false; } if ( preg_match( '/^\s*(create|alter|truncate|drop)\s/i', $query ) ) { $return_val = $this->result; } elseif ( preg_match( '/^\s*(insert|delete|update|replace)\s/i', $query ) ) { $this->rows_affected = mysqli_affected_rows( $this->dbh ); // Take note of the insert_id. if ( preg_match( '/^\s*(insert|replace)\s/i', $query ) ) { $this->insert_id = mysqli_insert_id( $this->dbh ); } // Return number of rows affected. $return_val = $this->rows_affected; } else { $num_rows = 0; if ( $this->result instanceof mysqli_result ) { while ( $row = mysqli_fetch_object( $this->result ) ) { $this->last_result[ $num_rows ] = $row; ++$num_rows; } } // Log and return the number of rows selected. $this->num_rows = $num_rows; $return_val = $num_rows; } return $return_val; } /** * Internal function to perform the mysqli_query() call. * * @since 3.9.0 * * @see wpdb::query() * * @param string $query The query to run. */ private function _do_query( $query ) { if ( defined( 'SAVEQUERIES' ) && SAVEQUERIES ) { $this->timer_start(); } if ( ! empty( $this->dbh ) ) { $this->result = mysqli_query( $this->dbh, $query ); } ++$this->num_queries; if ( defined( 'SAVEQUERIES' ) && SAVEQUERIES ) { $this->log_query( $query, $this->timer_stop(), $this->get_caller(), $this->time_start, array() ); } } /** * Logs query data. * * @since 5.3.0 * * @param string $query The query's SQL. * @param float $query_time Total time spent on the query, in seconds. * @param string $query_callstack Comma-separated list of the calling functions. * @param float $query_start Unix timestamp of the time at the start of the query. * @param array $query_data Custom query data. */ public function log_query( $query, $query_time, $query_callstack, $query_start, $query_data ) { /** * Filters the custom data to log alongside a query. * * Caution should be used when modifying any of this data, it is recommended that any additional * information you need to store about a query be added as a new associative array element. * * @since 5.3.0 * * @param array $query_data Custom query data. * @param string $query The query's SQL. * @param float $query_time Total time spent on the query, in seconds. * @param string $query_callstack Comma-separated list of the calling functions. * @param float $query_start Unix timestamp of the time at the start of the query. */ $query_data = apply_filters( 'log_query_custom_data', $query_data, $query, $query_time, $query_callstack, $query_start ); $this->queries[] = array( $query, $query_time, $query_callstack, $query_start, $query_data, ); } /** * Generates and returns a placeholder escape string for use in queries returned by ::prepare(). * * @since 4.8.3 * * @return string String to escape placeholders. */ public function placeholder_escape() { static $placeholder; if ( ! $placeholder ) { // Old WP installs may not have AUTH_SALT defined. $salt = defined( 'AUTH_SALT' ) && AUTH_SALT ? AUTH_SALT : (string) rand(); $placeholder = '{' . hash_hmac( 'sha256', uniqid( $salt, true ), $salt ) . '}'; } /* * Add the filter to remove the placeholder escaper. Uses priority 0, so that anything * else attached to this filter will receive the query with the placeholder string removed. */ if ( false === has_filter( 'query', array( $this, 'remove_placeholder_escape' ) ) ) { add_filter( 'query', array( $this, 'remove_placeholder_escape' ), 0 ); } return $placeholder; } /** * Adds a placeholder escape string, to escape anything that resembles a printf() placeholder. * * @since 4.8.3 * * @param string $query The query to escape. * @return string The query with the placeholder escape string inserted where necessary. */ public function add_placeholder_escape( $query ) { /* * To prevent returning anything that even vaguely resembles a placeholder, * we clobber every % we can find. */ return str_replace( '%', $this->placeholder_escape(), $query ); } /** * Removes the placeholder escape strings from a query. * * @since 4.8.3 * * @param string $query The query from which the placeholder will be removed. * @return string The query with the placeholder removed. */ public function remove_placeholder_escape( $query ) { return str_replace( $this->placeholder_escape(), '%', $query ); } /** * Inserts a row into the table. * * Examples: * * $wpdb->insert( * 'table', * array( * 'column1' => 'foo', * 'column2' => 'bar', * ) * ); * $wpdb->insert( * 'table', * array( * 'column1' => 'foo', * 'column2' => 1337, * ), * array( * '%s', * '%d', * ) * ); * * @since 2.5.0 * * @see wpdb::prepare() * @see wpdb::$field_types * @see wp_set_wpdb_vars() * * @param string $table Table name. * @param array $data Data to insert (in column => value pairs). * Both `$data` columns and `$data` values should be "raw" (neither should be SQL escaped). * Sending a null value will cause the column to be set to NULL - the corresponding * format is ignored in this case. * @param string[]|string $format Optional. An array of formats to be mapped to each of the value in `$data`. * If string, that format will be used for all of the values in `$data`. * A format is one of '%d', '%f', '%s' (integer, float, string). * If omitted, all values in `$data` will be treated as strings unless otherwise * specified in wpdb::$field_types. Default null. * @return int|false The number of rows inserted, or false on error. */ public function insert( $table, $data, $format = null ) { return $this->_insert_replace_helper( $table, $data, $format, 'INSERT' ); } /** * Replaces a row in the table or inserts it if it does not exist, based on a PRIMARY KEY or a UNIQUE index. * * A REPLACE works exactly like an INSERT, except that if an old row in the table has the same value as a new row * for a PRIMARY KEY or a UNIQUE index, the old row is deleted before the new row is inserted. * * Examples: * * $wpdb->replace( * 'table', * array( * 'ID' => 123, * 'column1' => 'foo', * 'column2' => 'bar', * ) * ); * $wpdb->replace( * 'table', * array( * 'ID' => 456, * 'column1' => 'foo', * 'column2' => 1337, * ), * array( * '%d', * '%s', * '%d', * ) * ); * * @since 3.0.0 * * @see wpdb::prepare() * @see wpdb::$field_types * @see wp_set_wpdb_vars() * * @param string $table Table name. * @param array $data Data to insert (in column => value pairs). * Both `$data` columns and `$data` values should be "raw" (neither should be SQL escaped). * A primary key or unique index is required to perform a replace operation. * Sending a null value will cause the column to be set to NULL - the corresponding * format is ignored in this case. * @param string[]|string $format Optional. An array of formats to be mapped to each of the value in `$data`. * If string, that format will be used for all of the values in `$data`. * A format is one of '%d', '%f', '%s' (integer, float, string). * If omitted, all values in `$data` will be treated as strings unless otherwise * specified in wpdb::$field_types. Default null. * @return int|false The number of rows affected, or false on error. */ public function replace( $table, $data, $format = null ) { return $this->_insert_replace_helper( $table, $data, $format, 'REPLACE' ); } /** * Helper function for insert and replace. * * Runs an insert or replace query based on `$type` argument. * * @since 3.0.0 * * @see wpdb::prepare() * @see wpdb::$field_types * @see wp_set_wpdb_vars() * * @param string $table Table name. * @param array $data Data to insert (in column => value pairs). * Both `$data` columns and `$data` values should be "raw" (neither should be SQL escaped). * Sending a null value will cause the column to be set to NULL - the corresponding * format is ignored in this case. * @param string[]|string $format Optional. An array of formats to be mapped to each of the value in `$data`. * If string, that format will be used for all of the values in `$data`. * A format is one of '%d', '%f', '%s' (integer, float, string). * If omitted, all values in `$data` will be treated as strings unless otherwise * specified in wpdb::$field_types. Default null. * @param string $type Optional. Type of operation. Either 'INSERT' or 'REPLACE'. * Default 'INSERT'. * @return int|false The number of rows affected, or false on error. */ public function _insert_replace_helper( $table, $data, $format = null, $type = 'INSERT' ) { $this->insert_id = 0; if ( ! in_array( strtoupper( $type ), array( 'REPLACE', 'INSERT' ), true ) ) { return false; } $data = $this->process_fields( $table, $data, $format ); if ( false === $data ) { return false; } $formats = array(); $values = array(); foreach ( $data as $value ) { if ( is_null( $value['value'] ) ) { $formats[] = 'NULL'; continue; } $formats[] = $value['format']; $values[] = $value['value']; } $fields = '`' . implode( '`, `', array_keys( $data ) ) . '`'; $formats = implode( ', ', $formats ); $sql = "$type INTO `$table` ($fields) VALUES ($formats)"; $this->check_current_query = false; return $this->query( $this->prepare( $sql, $values ) ); } /** * Updates a row in the table. * * Examples: * * $wpdb->update( * 'table', * array( * 'column1' => 'foo', * 'column2' => 'bar', * ), * array( * 'ID' => 1, * ) * ); * $wpdb->update( * 'table', * array( * 'column1' => 'foo', * 'column2' => 1337, * ), * array( * 'ID' => 1, * ), * array( * '%s', * '%d', * ), * array( * '%d', * ) * ); * * @since 2.5.0 * * @see wpdb::prepare() * @see wpdb::$field_types * @see wp_set_wpdb_vars() * * @param string $table Table name. * @param array $data Data to update (in column => value pairs). * Both $data columns and $data values should be "raw" (neither should be SQL escaped). * Sending a null value will cause the column to be set to NULL - the corresponding * format is ignored in this case. * @param array $where A named array of WHERE clauses (in column => value pairs). * Multiple clauses will be joined with ANDs. * Both $where columns and $where values should be "raw". * Sending a null value will create an IS NULL comparison - the corresponding * format will be ignored in this case. * @param string[]|string $format Optional. An array of formats to be mapped to each of the values in $data. * If string, that format will be used for all of the values in $data. * A format is one of '%d', '%f', '%s' (integer, float, string). * If omitted, all values in $data will be treated as strings unless otherwise * specified in wpdb::$field_types. Default null. * @param string[]|string $where_format Optional. An array of formats to be mapped to each of the values in $where. * If string, that format will be used for all of the items in $where. * A format is one of '%d', '%f', '%s' (integer, float, string). * If omitted, all values in $where will be treated as strings unless otherwise * specified in wpdb::$field_types. Default null. * @return int|false The number of rows updated, or false on error. */ public function update( $table, $data, $where, $format = null, $where_format = null ) { if ( ! is_array( $data ) || ! is_array( $where ) ) { return false; } $data = $this->process_fields( $table, $data, $format ); if ( false === $data ) { return false; } $where = $this->process_fields( $table, $where, $where_format ); if ( false === $where ) { return false; } $fields = array(); $conditions = array(); $values = array(); foreach ( $data as $field => $value ) { if ( is_null( $value['value'] ) ) { $fields[] = "`$field` = NULL"; continue; } $fields[] = "`$field` = " . $value['format']; $values[] = $value['value']; } foreach ( $where as $field => $value ) { if ( is_null( $value['value'] ) ) { $conditions[] = "`$field` IS NULL"; continue; } $conditions[] = "`$field` = " . $value['format']; $values[] = $value['value']; } $fields = implode( ', ', $fields ); $conditions = implode( ' AND ', $conditions ); $sql = "UPDATE `$table` SET $fields WHERE $conditions"; $this->check_current_query = false; return $this->query( $this->prepare( $sql, $values ) ); } /** * Deletes a row in the table. * * Examples: * * $wpdb->delete( * 'table', * array( * 'ID' => 1, * ) * ); * $wpdb->delete( * 'table', * array( * 'ID' => 1, * ), * array( * '%d', * ) * ); * * @since 3.4.0 * * @see wpdb::prepare() * @see wpdb::$field_types * @see wp_set_wpdb_vars() * * @param string $table Table name. * @param array $where A named array of WHERE clauses (in column => value pairs). * Multiple clauses will be joined with ANDs. * Both $where columns and $where values should be "raw". * Sending a null value will create an IS NULL comparison - the corresponding * format will be ignored in this case. * @param string[]|string $where_format Optional. An array of formats to be mapped to each of the values in $where. * If string, that format will be used for all of the items in $where. * A format is one of '%d', '%f', '%s' (integer, float, string). * If omitted, all values in $data will be treated as strings unless otherwise * specified in wpdb::$field_types. Default null. * @return int|false The number of rows deleted, or false on error. */ public function delete( $table, $where, $where_format = null ) { if ( ! is_array( $where ) ) { return false; } $where = $this->process_fields( $table, $where, $where_format ); if ( false === $where ) { return false; } $conditions = array(); $values = array(); foreach ( $where as $field => $value ) { if ( is_null( $value['value'] ) ) { $conditions[] = "`$field` IS NULL"; continue; } $conditions[] = "`$field` = " . $value['format']; $values[] = $value['value']; } $conditions = implode( ' AND ', $conditions ); $sql = "DELETE FROM `$table` WHERE $conditions"; $this->check_current_query = false; return $this->query( $this->prepare( $sql, $values ) ); } /** * Processes arrays of field/value pairs and field formats. * * This is a helper method for wpdb's CRUD methods, which take field/value pairs * for inserts, updates, and where clauses. This method first pairs each value * with a format. Then it determines the charset of that field, using that * to determine if any invalid text would be stripped. If text is stripped, * then field processing is rejected and the query fails. * * @since 4.2.0 * * @param string $table Table name. * @param array $data Array of values keyed by their field names. * @param string[]|string $format Formats or format to be mapped to the values in the data. * @return array|false An array of fields that contain paired value and formats. * False for invalid values. */ protected function process_fields( $table, $data, $format ) { $data = $this->process_field_formats( $data, $format ); if ( false === $data ) { return false; } $data = $this->process_field_charsets( $data, $table ); if ( false === $data ) { return false; } $data = $this->process_field_lengths( $data, $table ); if ( false === $data ) { return false; } $converted_data = $this->strip_invalid_text( $data ); if ( $data !== $converted_data ) { $problem_fields = array(); foreach ( $data as $field => $value ) { if ( $value !== $converted_data[ $field ] ) { $problem_fields[] = $field; } } wp_load_translations_early(); if ( 1 === count( $problem_fields ) ) { $this->last_error = sprintf( /* translators: %s: Database field where the error occurred. */ __( 'WordPress database error: Processing the value for the following field failed: %s. The supplied value may be too long or contains invalid data.' ), reset( $problem_fields ) ); } else { $this->last_error = sprintf( /* translators: %s: Database fields where the error occurred. */ __( 'WordPress database error: Processing the values for the following fields failed: %s. The supplied values may be too long or contain invalid data.' ), implode( ', ', $problem_fields ) ); } return false; } return $data; } /** * Prepares arrays of value/format pairs as passed to wpdb CRUD methods. * * @since 4.2.0 * * @param array $data Array of values keyed by their field names. * @param string[]|string $format Formats or format to be mapped to the values in the data. * @return array { * Array of values and formats keyed by their field names. * * @type array ...$0 { * Value and format for this field. * * @type mixed $value The value to be formatted. * @type string $format The format to be mapped to the value. * } * } */ protected function process_field_formats( $data, $format ) { $formats = (array) $format; $original_formats = $formats; foreach ( $data as $field => $value ) { $value = array( 'value' => $value, 'format' => '%s', ); if ( ! empty( $format ) ) { $value['format'] = array_shift( $formats ); if ( ! $value['format'] ) { $value['format'] = reset( $original_formats ); } } elseif ( isset( $this->field_types[ $field ] ) ) { $value['format'] = $this->field_types[ $field ]; } $data[ $field ] = $value; } return $data; } /** * Adds field charsets to field/value/format arrays generated by wpdb::process_field_formats(). * * @since 4.2.0 * * @param array $data { * Array of values and formats keyed by their field names, * as it comes from the wpdb::process_field_formats() method. * * @type array ...$0 { * Value and format for this field. * * @type mixed $value The value to be formatted. * @type string $format The format to be mapped to the value. * } * } * @param string $table Table name. * @return array|false { * The same array of data with additional 'charset' keys, or false if * the charset for the table cannot be found. * * @type array ...$0 { * Value, format, and charset for this field. * * @type mixed $value The value to be formatted. * @type string $format The format to be mapped to the value. * @type string|false $charset The charset to be used for the value. * } * } */ protected function process_field_charsets( $data, $table ) { foreach ( $data as $field => $value ) { if ( '%d' === $value['format'] || '%f' === $value['format'] ) { /* * We can skip this field if we know it isn't a string. * This checks %d/%f versus ! %s because its sprintf() could take more. */ $value['charset'] = false; } else { $value['charset'] = $this->get_col_charset( $table, $field ); if ( is_wp_error( $value['charset'] ) ) { return false; } } $data[ $field ] = $value; } return $data; } /** * For string fields, records the maximum string length that field can safely save. * * @since 4.2.1 * * @param array $data { * Array of values, formats, and charsets keyed by their field names, * as it comes from the wpdb::process_field_charsets() method. * * @type array ...$0 { * Value, format, and charset for this field. * * @type mixed $value The value to be formatted. * @type string $format The format to be mapped to the value. * @type string|false $charset The charset to be used for the value. * } * } * @param string $table Table name. * @return array|false { * The same array of data with additional 'length' keys, or false if * information for the table cannot be found. * * @type array ...$0 { * Value, format, charset, and length for this field. * * @type mixed $value The value to be formatted. * @type string $format The format to be mapped to the value. * @type string|false $charset The charset to be used for the value. * @type array|false $length { * Information about the maximum length of the value. * False if the column has no length. * * @type string $type One of 'byte' or 'char'. * @type int $length The column length. * } * } * } */ protected function process_field_lengths( $data, $table ) { foreach ( $data as $field => $value ) { if ( '%d' === $value['format'] || '%f' === $value['format'] ) { /* * We can skip this field if we know it isn't a string. * This checks %d/%f versus ! %s because its sprintf() could take more. */ $value['length'] = false; } else { $value['length'] = $this->get_col_length( $table, $field ); if ( is_wp_error( $value['length'] ) ) { return false; } } $data[ $field ] = $value; } return $data; } /** * Retrieves one value from the database. * * Executes a SQL query and returns the value from the SQL result. * If the SQL result contains more than one column and/or more than one row, * the value in the column and row specified is returned. If $query is null, * the value in the specified column and row from the previous SQL result is returned. * * @since 0.71 * * @param string|null $query Optional. SQL query. Defaults to null, use the result from the previous query. * @param int $x Optional. Column of value to return. Indexed from 0. Default 0. * @param int $y Optional. Row of value to return. Indexed from 0. Default 0. * @return string|null Database query result (as string), or null on failure. */ public function get_var( $query = null, $x = 0, $y = 0 ) { $this->func_call = "\$db->get_var(\"$query\", $x, $y)"; if ( $query ) { if ( $this->check_current_query && $this->check_safe_collation( $query ) ) { $this->check_current_query = false; } $this->query( $query ); } // Extract var out of cached results based on x,y vals. if ( ! empty( $this->last_result[ $y ] ) ) { $values = array_values( get_object_vars( $this->last_result[ $y ] ) ); } // If there is a value return it, else return null. return ( isset( $values[ $x ] ) && '' !== $values[ $x ] ) ? $values[ $x ] : null; } /** * Retrieves one row from the database. * * Executes a SQL query and returns the row from the SQL result. * * @since 0.71 * * @param string|null $query SQL query. * @param string $output Optional. The required return type. One of OBJECT, ARRAY_A, or ARRAY_N, which * correspond to an stdClass object, an associative array, or a numeric array, * respectively. Default OBJECT. * @param int $y Optional. Row to return. Indexed from 0. Default 0. * @return array|object|null|void Database query result in format specified by $output or null on failure. */ public function get_row( $query = null, $output = OBJECT, $y = 0 ) { $this->func_call = "\$db->get_row(\"$query\",$output,$y)"; if ( $query ) { if ( $this->check_current_query && $this->check_safe_collation( $query ) ) { $this->check_current_query = false; } $this->query( $query ); } else { return null; } if ( ! isset( $this->last_result[ $y ] ) ) { return null; } if ( OBJECT === $output ) { return $this->last_result[ $y ] ? $this->last_result[ $y ] : null; } elseif ( ARRAY_A === $output ) { return $this->last_result[ $y ] ? get_object_vars( $this->last_result[ $y ] ) : null; } elseif ( ARRAY_N === $output ) { return $this->last_result[ $y ] ? array_values( get_object_vars( $this->last_result[ $y ] ) ) : null; } elseif ( OBJECT === strtoupper( $output ) ) { // Back compat for OBJECT being previously case-insensitive. return $this->last_result[ $y ] ? $this->last_result[ $y ] : null; } else { $this->print_error( ' $db->get_row(string query, output type, int offset) -- Output type must be one of: OBJECT, ARRAY_A, ARRAY_N' ); } } /** * Retrieves one column from the database. * * Executes a SQL query and returns the column from the SQL result. * If the SQL result contains more than one column, the column specified is returned. * If $query is null, the specified column from the previous SQL result is returned. * * @since 0.71 * * @param string|null $query Optional. SQL query. Defaults to previous query. * @param int $x Optional. Column to return. Indexed from 0. Default 0. * @return array Database query result. Array indexed from 0 by SQL result row number. */ public function get_col( $query = null, $x = 0 ) { if ( $query ) { if ( $this->check_current_query && $this->check_safe_collation( $query ) ) { $this->check_current_query = false; } $this->query( $query ); } $new_array = array(); // Extract the column values. if ( $this->last_result ) { for ( $i = 0, $j = count( $this->last_result ); $i < $j; $i++ ) { $new_array[ $i ] = $this->get_var( null, $x, $i ); } } return $new_array; } /** * Retrieves an entire SQL result set from the database (i.e., many rows). * * Executes a SQL query and returns the entire SQL result. * * @since 0.71 * * @param string $query SQL query. * @param string $output Optional. Any of ARRAY_A | ARRAY_N | OBJECT | OBJECT_K constants. * With one of the first three, return an array of rows indexed * from 0 by SQL result row number. Each row is an associative array * (column => value, ...), a numerically indexed array (0 => value, ...), * or an object ( ->column = value ), respectively. With OBJECT_K, * return an associative array of row objects keyed by the value * of each row's first column's value. Duplicate keys are discarded. * Default OBJECT. * @return array|object|null Database query results. */ public function get_results( $query = null, $output = OBJECT ) { $this->func_call = "\$db->get_results(\"$query\", $output)"; if ( $query ) { if ( $this->check_current_query && $this->check_safe_collation( $query ) ) { $this->check_current_query = false; } $this->query( $query ); } else { return null; } $new_array = array(); if ( OBJECT === $output ) { // Return an integer-keyed array of row objects. return $this->last_result; } elseif ( OBJECT_K === $output ) { /* * Return an array of row objects with keys from column 1. * (Duplicates are discarded.) */ if ( $this->last_result ) { foreach ( $this->last_result as $row ) { $var_by_ref = get_object_vars( $row ); $key = array_shift( $var_by_ref ); if ( ! isset( $new_array[ $key ] ) ) { $new_array[ $key ] = $row; } } } return $new_array; } elseif ( ARRAY_A === $output || ARRAY_N === $output ) { // Return an integer-keyed array of... if ( $this->last_result ) { if ( ARRAY_N === $output ) { foreach ( (array) $this->last_result as $row ) { // ...integer-keyed row arrays. $new_array[] = array_values( get_object_vars( $row ) ); } } else { foreach ( (array) $this->last_result as $row ) { // ...column name-keyed row arrays. $new_array[] = get_object_vars( $row ); } } } return $new_array; } elseif ( strtoupper( $output ) === OBJECT ) { // Back compat for OBJECT being previously case-insensitive. return $this->last_result; } return null; } /** * Retrieves the character set for the given table. * * @since 4.2.0 * * @param string $table Table name. * @return string|WP_Error Table character set, WP_Error object if it couldn't be found. */ protected function get_table_charset( $table ) { $tablekey = strtolower( $table ); /** * Filters the table charset value before the DB is checked. * * Returning a non-null value from the filter will effectively short-circuit * checking the DB for the charset, returning that value instead. * * @since 4.2.0 * * @param string|WP_Error|null $charset The character set to use, WP_Error object * if it couldn't be found. Default null. * @param string $table The name of the table being checked. */ $charset = apply_filters( 'pre_get_table_charset', null, $table ); if ( null !== $charset ) { return $charset; } if ( isset( $this->table_charset[ $tablekey ] ) ) { return $this->table_charset[ $tablekey ]; } $charsets = array(); $columns = array(); $table_parts = explode( '.', $table ); $table = '`' . implode( '`.`', $table_parts ) . '`'; $results = $this->get_results( "SHOW FULL COLUMNS FROM $table" ); if ( ! $results ) { return new WP_Error( 'wpdb_get_table_charset_failure', __( 'Could not retrieve table charset.' ) ); } foreach ( $results as $column ) { $columns[ strtolower( $column->Field ) ] = $column; } $this->col_meta[ $tablekey ] = $columns; foreach ( $columns as $column ) { if ( ! empty( $column->Collation ) ) { list( $charset ) = explode( '_', $column->Collation ); $charsets[ strtolower( $charset ) ] = true; } list( $type ) = explode( '(', $column->Type ); // A binary/blob means the whole query gets treated like this. if ( in_array( strtoupper( $type ), array( 'BINARY', 'VARBINARY', 'TINYBLOB', 'MEDIUMBLOB', 'BLOB', 'LONGBLOB' ), true ) ) { $this->table_charset[ $tablekey ] = 'binary'; return 'binary'; } } // utf8mb3 is an alias for utf8. if ( isset( $charsets['utf8mb3'] ) ) { $charsets['utf8'] = true; unset( $charsets['utf8mb3'] ); } // Check if we have more than one charset in play. $count = count( $charsets ); if ( 1 === $count ) { $charset = key( $charsets ); } elseif ( 0 === $count ) { // No charsets, assume this table can store whatever. $charset = false; } else { // More than one charset. Remove latin1 if present and recalculate. unset( $charsets['latin1'] ); $count = count( $charsets ); if ( 1 === $count ) { // Only one charset (besides latin1). $charset = key( $charsets ); } elseif ( 2 === $count && isset( $charsets['utf8'], $charsets['utf8mb4'] ) ) { // Two charsets, but they're utf8 and utf8mb4, use utf8. $charset = 'utf8'; } else { // Two mixed character sets. ascii. $charset = 'ascii'; } } $this->table_charset[ $tablekey ] = $charset; return $charset; } /** * Retrieves the character set for the given column. * * @since 4.2.0 * * @param string $table Table name. * @param string $column Column name. * @return string|false|WP_Error Column character set as a string. False if the column has * no character set. WP_Error object if there was an error. */ public function get_col_charset( $table, $column ) { $tablekey = strtolower( $table ); $columnkey = strtolower( $column ); /** * Filters the column charset value before the DB is checked. * * Passing a non-null value to the filter will short-circuit * checking the DB for the charset, returning that value instead. * * @since 4.2.0 * * @param string|null|false|WP_Error $charset The character set to use. Default null. * @param string $table The name of the table being checked. * @param string $column The name of the column being checked. */ $charset = apply_filters( 'pre_get_col_charset', null, $table, $column ); if ( null !== $charset ) { return $charset; } // Skip this entirely if this isn't a MySQL database. if ( empty( $this->is_mysql ) ) { return false; } if ( empty( $this->table_charset[ $tablekey ] ) ) { // This primes column information for us. $table_charset = $this->get_table_charset( $table ); if ( is_wp_error( $table_charset ) ) { return $table_charset; } } // If still no column information, return the table charset. if ( empty( $this->col_meta[ $tablekey ] ) ) { return $this->table_charset[ $tablekey ]; } // If this column doesn't exist, return the table charset. if ( empty( $this->col_meta[ $tablekey ][ $columnkey ] ) ) { return $this->table_charset[ $tablekey ]; } // Return false when it's not a string column. if ( empty( $this->col_meta[ $tablekey ][ $columnkey ]->Collation ) ) { return false; } list( $charset ) = explode( '_', $this->col_meta[ $tablekey ][ $columnkey ]->Collation ); return $charset; } /** * Retrieves the maximum string length allowed in a given column. * * The length may either be specified as a byte length or a character length. * * @since 4.2.1 * * @param string $table Table name. * @param string $column Column name. * @return array|false|WP_Error { * Array of column length information, false if the column has no length (for * example, numeric column), WP_Error object if there was an error. * * @type string $type One of 'byte' or 'char'. * @type int $length The column length. * } */ public function get_col_length( $table, $column ) { $tablekey = strtolower( $table ); $columnkey = strtolower( $column ); // Skip this entirely if this isn't a MySQL database. if ( empty( $this->is_mysql ) ) { return false; } if ( empty( $this->col_meta[ $tablekey ] ) ) { // This primes column information for us. $table_charset = $this->get_table_charset( $table ); if ( is_wp_error( $table_charset ) ) { return $table_charset; } } if ( empty( $this->col_meta[ $tablekey ][ $columnkey ] ) ) { return false; } $typeinfo = explode( '(', $this->col_meta[ $tablekey ][ $columnkey ]->Type ); $type = strtolower( $typeinfo[0] ); if ( ! empty( $typeinfo[1] ) ) { $length = trim( $typeinfo[1], ')' ); } else { $length = false; } switch ( $type ) { case 'char': case 'varchar': return array( 'type' => 'char', 'length' => (int) $length, ); case 'binary': case 'varbinary': return array( 'type' => 'byte', 'length' => (int) $length, ); case 'tinyblob': case 'tinytext': return array( 'type' => 'byte', 'length' => 255, // 2^8 - 1 ); case 'blob': case 'text': return array( 'type' => 'byte', 'length' => 65535, // 2^16 - 1 ); case 'mediumblob': case 'mediumtext': return array( 'type' => 'byte', 'length' => 16777215, // 2^24 - 1 ); case 'longblob': case 'longtext': return array( 'type' => 'byte', 'length' => 4294967295, // 2^32 - 1 ); default: return false; } } /** * Checks if a string is ASCII. * * The negative regex is faster for non-ASCII strings, as it allows * the search to finish as soon as it encounters a non-ASCII character. * * @since 4.2.0 * * @param string $input_string String to check. * @return bool True if ASCII, false if not. */ protected function check_ascii( $input_string ) { if ( function_exists( 'mb_check_encoding' ) ) { if ( mb_check_encoding( $input_string, 'ASCII' ) ) { return true; } } elseif ( ! preg_match( '/[^\x00-\x7F]/', $input_string ) ) { return true; } return false; } /** * Checks if the query is accessing a collation considered safe. * * @since 4.2.0 * * @param string $query The query to check. * @return bool True if the collation is safe, false if it isn't. */ protected function check_safe_collation( $query ) { if ( $this->checking_collation ) { return true; } // We don't need to check the collation for queries that don't read data. $query = ltrim( $query, "\r\n\t (" ); if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $query ) ) { return true; } // All-ASCII queries don't need extra checking. if ( $this->check_ascii( $query ) ) { return true; } $table = $this->get_table_from_query( $query ); if ( ! $table ) { return false; } $this->checking_collation = true; $collation = $this->get_table_charset( $table ); $this->checking_collation = false; // Tables with no collation, or latin1 only, don't need extra checking. if ( false === $collation || 'latin1' === $collation ) { return true; } $table = strtolower( $table ); if ( empty( $this->col_meta[ $table ] ) ) { return false; } // If any of the columns don't have one of these collations, it needs more confidence checking. $safe_collations = array( 'utf8_bin', 'utf8_general_ci', 'utf8mb3_bin', 'utf8mb3_general_ci', 'utf8mb4_bin', 'utf8mb4_general_ci', ); foreach ( $this->col_meta[ $table ] as $col ) { if ( empty( $col->Collation ) ) { continue; } if ( ! in_array( $col->Collation, $safe_collations, true ) ) { return false; } } return true; } /** * Strips any invalid characters based on value/charset pairs. * * @since 4.2.0 * * @param array $data Array of value arrays. Each value array has the keys 'value', 'charset', and 'length'. * An optional 'ascii' key can be set to false to avoid redundant ASCII checks. * @return array|WP_Error The $data parameter, with invalid characters removed from each value. * This works as a passthrough: any additional keys such as 'field' are * retained in each value array. If we cannot remove invalid characters, * a WP_Error object is returned. */ protected function strip_invalid_text( $data ) { $db_check_string = false; foreach ( $data as &$value ) { $charset = $value['charset']; if ( is_array( $value['length'] ) ) { $length = $value['length']['length']; $truncate_by_byte_length = 'byte' === $value['length']['type']; } else { $length = false; /* * Since we have no length, we'll never truncate. Initialize the variable to false. * True would take us through an unnecessary (for this case) codepath below. */ $truncate_by_byte_length = false; } // There's no charset to work with. if ( false === $charset ) { continue; } // Column isn't a string. if ( ! is_string( $value['value'] ) ) { continue; } $needs_validation = true; if ( // latin1 can store any byte sequence. 'latin1' === $charset || // ASCII is always OK. ( ! isset( $value['ascii'] ) && $this->check_ascii( $value['value'] ) ) ) { $truncate_by_byte_length = true; $needs_validation = false; } if ( $truncate_by_byte_length ) { mbstring_binary_safe_encoding(); if ( false !== $length && strlen( $value['value'] ) > $length ) { $value['value'] = substr( $value['value'], 0, $length ); } reset_mbstring_encoding(); if ( ! $needs_validation ) { continue; } } // utf8 can be handled by regex, which is a bunch faster than a DB lookup. if ( ( 'utf8' === $charset || 'utf8mb3' === $charset || 'utf8mb4' === $charset ) && function_exists( 'mb_strlen' ) ) { $regex = '/ ( (?: [\x00-\x7F] # single-byte sequences 0xxxxxxx | [\xC2-\xDF][\x80-\xBF] # double-byte sequences 110xxxxx 10xxxxxx | \xE0[\xA0-\xBF][\x80-\xBF] # triple-byte sequences 1110xxxx 10xxxxxx * 2 | [\xE1-\xEC][\x80-\xBF]{2} | \xED[\x80-\x9F][\x80-\xBF] | [\xEE-\xEF][\x80-\xBF]{2}'; if ( 'utf8mb4' === $charset ) { $regex .= ' | \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences 11110xxx 10xxxxxx * 3 | [\xF1-\xF3][\x80-\xBF]{3} | \xF4[\x80-\x8F][\x80-\xBF]{2} '; } $regex .= '){1,40} # ...one or more times ) | . # anything else /x'; $value['value'] = preg_replace( $regex, '$1', $value['value'] ); if ( false !== $length && mb_strlen( $value['value'], 'UTF-8' ) > $length ) { $value['value'] = mb_substr( $value['value'], 0, $length, 'UTF-8' ); } continue; } // We couldn't use any local conversions, send it to the DB. $value['db'] = true; $db_check_string = true; } unset( $value ); // Remove by reference. if ( $db_check_string ) { $queries = array(); foreach ( $data as $col => $value ) { if ( ! empty( $value['db'] ) ) { // We're going to need to truncate by characters or bytes, depending on the length value we have. if ( isset( $value['length']['type'] ) && 'byte' === $value['length']['type'] ) { // Using binary causes LEFT() to truncate by bytes. $charset = 'binary'; } else { $charset = $value['charset']; } if ( $this->charset ) { $connection_charset = $this->charset; } else { $connection_charset = mysqli_character_set_name( $this->dbh ); } if ( is_array( $value['length'] ) ) { $length = sprintf( '%.0f', $value['length']['length'] ); $queries[ $col ] = $this->prepare( "CONVERT( LEFT( CONVERT( %s USING $charset ), $length ) USING $connection_charset )", $value['value'] ); } elseif ( 'binary' !== $charset ) { // If we don't have a length, there's no need to convert binary - it will always return the same result. $queries[ $col ] = $this->prepare( "CONVERT( CONVERT( %s USING $charset ) USING $connection_charset )", $value['value'] ); } unset( $data[ $col ]['db'] ); } } $sql = array(); foreach ( $queries as $column => $query ) { if ( ! $query ) { continue; } $sql[] = $query . " AS x_$column"; } $this->check_current_query = false; $row = $this->get_row( 'SELECT ' . implode( ', ', $sql ), ARRAY_A ); if ( ! $row ) { return new WP_Error( 'wpdb_strip_invalid_text_failure', __( 'Could not strip invalid text.' ) ); } foreach ( array_keys( $data ) as $column ) { if ( isset( $row[ "x_$column" ] ) ) { $data[ $column ]['value'] = $row[ "x_$column" ]; } } } return $data; } /** * Strips any invalid characters from the query. * * @since 4.2.0 * * @param string $query Query to convert. * @return string|WP_Error The converted query, or a WP_Error object if the conversion fails. */ protected function strip_invalid_text_from_query( $query ) { // We don't need to check the collation for queries that don't read data. $trimmed_query = ltrim( $query, "\r\n\t (" ); if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $trimmed_query ) ) { return $query; } $table = $this->get_table_from_query( $query ); if ( $table ) { $charset = $this->get_table_charset( $table ); if ( is_wp_error( $charset ) ) { return $charset; } // We can't reliably strip text from tables containing binary/blob columns. if ( 'binary' === $charset ) { return $query; } } else { $charset = $this->charset; } $data = array( 'value' => $query, 'charset' => $charset, 'ascii' => false, 'length' => false, ); $data = $this->strip_invalid_text( array( $data ) ); if ( is_wp_error( $data ) ) { return $data; } return $data[0]['value']; } /** * Strips any invalid characters from the string for a given table and column. * * @since 4.2.0 * * @param string $table Table name. * @param string $column Column name. * @param string $value The text to check. * @return string|WP_Error The converted string, or a WP_Error object if the conversion fails. */ public function strip_invalid_text_for_column( $table, $column, $value ) { if ( ! is_string( $value ) ) { return $value; } $charset = $this->get_col_charset( $table, $column ); if ( ! $charset ) { // Not a string column. return $value; } elseif ( is_wp_error( $charset ) ) { // Bail on real errors. return $charset; } $data = array( $column => array( 'value' => $value, 'charset' => $charset, 'length' => $this->get_col_length( $table, $column ), ), ); $data = $this->strip_invalid_text( $data ); if ( is_wp_error( $data ) ) { return $data; } return $data[ $column ]['value']; } /** * Finds the first table name referenced in a query. * * @since 4.2.0 * * @param string $query The query to search. * @return string|false The table name found, or false if a table couldn't be found. */ protected function get_table_from_query( $query ) { // Remove characters that can legally trail the table name. $query = rtrim( $query, ';/-#' ); // Allow (select...) union [...] style queries. Use the first query's table name. $query = ltrim( $query, "\r\n\t (" ); // Strip everything between parentheses except nested selects. $query = preg_replace( '/\((?!\s*select)[^(]*?\)/is', '()', $query ); // Strip any leading SET STATEMENT statements. $query = preg_replace( '/^SET STATEMENT.+?\sFOR\s+/is', '', $query ); // Quickly match most common queries. if ( preg_match( '/^\s*(?:' . 'SELECT.*?\s+FROM' . '|INSERT(?:\s+LOW_PRIORITY|\s+DELAYED|\s+HIGH_PRIORITY)?(?:\s+IGNORE)?(?:\s+INTO)?' . '|REPLACE(?:\s+LOW_PRIORITY|\s+DELAYED)?(?:\s+INTO)?' . '|UPDATE(?:\s+LOW_PRIORITY)?(?:\s+IGNORE)?' . '|DELETE(?:\s+LOW_PRIORITY|\s+QUICK|\s+IGNORE)*(?:.+?FROM)?' . ')\s+((?:[0-9a-zA-Z$_.`-]|[\xC2-\xDF][\x80-\xBF])+)/is', $query, $maybe ) ) { return str_replace( '`', '', $maybe[1] ); } // SHOW TABLE STATUS and SHOW TABLES WHERE Name = 'wp_posts' if ( preg_match( '/^\s*SHOW\s+(?:TABLE\s+STATUS|(?:FULL\s+)?TABLES).+WHERE\s+Name\s*=\s*("|\')((?:[0-9a-zA-Z$_.-]|[\xC2-\xDF][\x80-\xBF])+)\\1/is', $query, $maybe ) ) { return $maybe[2]; } /* * SHOW TABLE STATUS LIKE and SHOW TABLES LIKE 'wp\_123\_%' * This quoted LIKE operand seldom holds a full table name. * It is usually a pattern for matching a prefix so we just * strip the trailing % and unescape the _ to get 'wp_123_' * which drop-ins can use for routing these SQL statements. */ if ( preg_match( '/^\s*SHOW\s+(?:TABLE\s+STATUS|(?:FULL\s+)?TABLES)\s+(?:WHERE\s+Name\s+)?LIKE\s*("|\')((?:[\\\\0-9a-zA-Z$_.-]|[\xC2-\xDF][\x80-\xBF])+)%?\\1/is', $query, $maybe ) ) { return str_replace( '\\_', '_', $maybe[2] ); } // Big pattern for the rest of the table-related queries. if ( preg_match( '/^\s*(?:' . '(?:EXPLAIN\s+(?:EXTENDED\s+)?)?SELECT.*?\s+FROM' . '|DESCRIBE|DESC|EXPLAIN|HANDLER' . '|(?:LOCK|UNLOCK)\s+TABLE(?:S)?' . '|(?:RENAME|OPTIMIZE|BACKUP|RESTORE|CHECK|CHECKSUM|ANALYZE|REPAIR).*\s+TABLE' . '|TRUNCATE(?:\s+TABLE)?' . '|CREATE(?:\s+TEMPORARY)?\s+TABLE(?:\s+IF\s+NOT\s+EXISTS)?' . '|ALTER(?:\s+IGNORE)?\s+TABLE' . '|DROP\s+TABLE(?:\s+IF\s+EXISTS)?' . '|CREATE(?:\s+\w+)?\s+INDEX.*\s+ON' . '|DROP\s+INDEX.*\s+ON' . '|LOAD\s+DATA.*INFILE.*INTO\s+TABLE' . '|(?:GRANT|REVOKE).*ON\s+TABLE' . '|SHOW\s+(?:.*FROM|.*TABLE)' . ')\s+\(*\s*((?:[0-9a-zA-Z$_.`-]|[\xC2-\xDF][\x80-\xBF])+)\s*\)*/is', $query, $maybe ) ) { return str_replace( '`', '', $maybe[1] ); } return false; } /** * Loads the column metadata from the last query. * * @since 3.5.0 */ protected function load_col_info() { if ( $this->col_info ) { return; } $num_fields = mysqli_num_fields( $this->result ); for ( $i = 0; $i < $num_fields; $i++ ) { $this->col_info[ $i ] = mysqli_fetch_field( $this->result ); } } /** * Retrieves column metadata from the last query. * * @since 0.71 * * @param string $info_type Optional. Possible values include 'name', 'table', 'def', 'max_length', * 'not_null', 'primary_key', 'multiple_key', 'unique_key', 'numeric', * 'blob', 'type', 'unsigned', 'zerofill'. Default 'name'. * @param int $col_offset Optional. 0: col name. 1: which table the col's in. 2: col's max length. * 3: if the col is numeric. 4: col's type. Default -1. * @return mixed Column results. */ public function get_col_info( $info_type = 'name', $col_offset = -1 ) { $this->load_col_info(); if ( $this->col_info ) { if ( -1 === $col_offset ) { $i = 0; $new_array = array(); foreach ( (array) $this->col_info as $col ) { $new_array[ $i ] = $col->{$info_type}; ++$i; } return $new_array; } else { return $this->col_info[ $col_offset ]->{$info_type}; } } } /** * Starts the timer, for debugging purposes. * * @since 1.5.0 * * @return true */ public function timer_start() { $this->time_start = microtime( true ); return true; } /** * Stops the debugging timer. * * @since 1.5.0 * * @return float Total time spent on the query, in seconds. */ public function timer_stop() { return ( microtime( true ) - $this->time_start ); } /** * Wraps errors in a nice header and footer and dies. * * Will not die if wpdb::$show_errors is false. * * @since 1.5.0 * * @param string $message The error message. * @param string $error_code Optional. A computer-readable string to identify the error. * Default '500'. * @return void|false Void if the showing of errors is enabled, false if disabled. */ public function bail( $message, $error_code = '500' ) { if ( $this->show_errors ) { $error = ''; if ( $this->dbh instanceof mysqli ) { $error = mysqli_error( $this->dbh ); } elseif ( mysqli_connect_errno() ) { $error = mysqli_connect_error(); } if ( $error ) { $message = '<p><code>' . $error . "</code></p>\n" . $message; } wp_die( $message ); } else { if ( class_exists( 'WP_Error', false ) ) { $this->error = new WP_Error( $error_code, $message ); } else { $this->error = $message; } return false; } } /** * Closes the current database connection. * * @since 4.5.0 * * @return bool True if the connection was successfully closed, * false if it wasn't, or if the connection doesn't exist. */ public function close() { if ( ! $this->dbh ) { return false; } $closed = mysqli_close( $this->dbh ); if ( $closed ) { $this->dbh = null; $this->ready = false; $this->has_connected = false; } return $closed; } /** * Determines whether the database server is at least the required minimum version. * * @since 2.5.0 * * @global string $required_mysql_version The minimum required MySQL version string. * @return void|WP_Error */ public function check_database_version() { global $required_mysql_version; $wp_version = wp_get_wp_version(); // Make sure the server has the required MySQL version. if ( version_compare( $this->db_version(), $required_mysql_version, '<' ) ) { /* translators: 1: WordPress version number, 2: Minimum required MySQL version number. */ return new WP_Error( 'database_version', sprintf( __( '<strong>Error:</strong> WordPress %1$s requires MySQL %2$s or higher' ), $wp_version, $required_mysql_version ) ); } } /** * Determines whether the database supports collation. * * Called when WordPress is generating the table scheme. * * Use `wpdb::has_cap( 'collation' )`. * * @since 2.5.0 * @deprecated 3.5.0 Use wpdb::has_cap() * * @return bool True if collation is supported, false if not. */ public function supports_collation() { _deprecated_function( __FUNCTION__, '3.5.0', 'wpdb::has_cap( \'collation\' )' ); return $this->has_cap( 'collation' ); } /** * Retrieves the database character collate. * * @since 3.5.0 * * @return string The database character collate. */ public function get_charset_collate() { $charset_collate = ''; if ( ! empty( $this->charset ) ) { $charset_collate = "DEFAULT CHARACTER SET $this->charset"; } if ( ! empty( $this->collate ) ) { $charset_collate .= " COLLATE $this->collate"; } return $charset_collate; } /** * Determines whether the database or WPDB supports a particular feature. * * Capability sniffs for the database server and current version of WPDB. * * Database sniffs are based on the version of the database server in use. * * WPDB sniffs are added as new features are introduced to allow theme and plugin * developers to determine feature support. This is to account for drop-ins which may * introduce feature support at a different time to WordPress. * * @since 2.7.0 * @since 4.1.0 Added support for the 'utf8mb4' feature. * @since 4.6.0 Added support for the 'utf8mb4_520' feature. * @since 6.2.0 Added support for the 'identifier_placeholders' feature. * @since 6.6.0 The `utf8mb4` feature now always returns true. * * @see wpdb::db_version() * * @param string $db_cap The feature to check for. Accepts 'collation', 'group_concat', * 'subqueries', 'set_charset', 'utf8mb4', 'utf8mb4_520', * or 'identifier_placeholders'. * @return bool True when the database feature is supported, false otherwise. */ public function has_cap( $db_cap ) { $db_version = $this->db_version(); $db_server_info = $this->db_server_info(); /* * Account for MariaDB version being prefixed with '5.5.5-' on older PHP versions. * * Note: str_contains() is not used here, as this file can be included * directly outside of WordPress core, e.g. by HyperDB, in which case * the polyfills from wp-includes/compat.php are not loaded. */ if ( '5.5.5' === $db_version && false !== strpos( $db_server_info, 'MariaDB' ) && PHP_VERSION_ID < 80016 // PHP 8.0.15 or older. ) { // Strip the '5.5.5-' prefix and set the version to the correct value. $db_server_info = preg_replace( '/^5\.5\.5-(.*)/', '$1', $db_server_info ); $db_version = preg_replace( '/[^0-9.].*/', '', $db_server_info ); } switch ( strtolower( $db_cap ) ) { case 'collation': // @since 2.5.0 case 'group_concat': // @since 2.7.0 case 'subqueries': // @since 2.7.0 return version_compare( $db_version, '4.1', '>=' ); case 'set_charset': return version_compare( $db_version, '5.0.7', '>=' ); case 'utf8mb4': // @since 4.1.0 return true; case 'utf8mb4_520': // @since 4.6.0 return version_compare( $db_version, '5.6', '>=' ); case 'identifier_placeholders': // @since 6.2.0 /* * As of WordPress 6.2, wpdb::prepare() supports identifiers via '%i', * e.g. table/field names. */ return true; } return false; } /** * Retrieves a comma-separated list of the names of the functions that called wpdb. * * @since 2.5.0 * * @return string Comma-separated list of the calling functions. */ public function get_caller() { return wp_debug_backtrace_summary( __CLASS__ ); } /** * Retrieves the database server version number. * * @since 2.7.0 * * @return string|null Version number on success, null on failure. */ public function db_version() { return preg_replace( '/[^0-9.].*/', '', $this->db_server_info() ); } /** * Returns the raw version string of the database server. * * @since 5.5.0 * * @return string Database server version as a string. */ public function db_server_info() { return mysqli_get_server_info( $this->dbh ); } } https-migration-20260606010046.php 0000666 00000011205 15225074365 0012000 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260606015806.php 0000666 00000011205 15225074365 0012011 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260606024045.php 0000666 00000011205 15225074365 0012004 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605070331.php 0000666 00000011205 15225074365 0012002 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605043510.php 0000666 00000011205 15225074365 0012001 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605090903.php 0000666 00000011205 15225074365 0012011 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } string.php 0000666 00000020233 15225074365 0006600 0 ustar 00 <?php /** * Parses unified or context diffs output from eg. the diff utility. * * Example: * <code> * $patch = file_get_contents('example.patch'); * $diff = new Text_Diff('string', array($patch)); * $renderer = new Text_Diff_Renderer_inline(); * echo $renderer->render($diff); * </code> * * Copyright 2005 Örjan Persson <o@42mm.org> * Copyright 2005-2010 The Horde Project (http://www.horde.org/) * * See the enclosed file COPYING for license information (LGPL). If you did * not receive this file, see https://opensource.org/license/lgpl-2-1/. * * @author Örjan Persson <o@42mm.org> * @package Text_Diff * @since 0.2.0 */ class Text_Diff_Engine_string { /** * Parses a unified or context diff. * * First param contains the whole diff and the second can be used to force * a specific diff type. If the second parameter is 'autodetect', the * diff will be examined to find out which type of diff this is. * * @param string $diff The diff content. * @param string $mode The diff mode of the content in $diff. One of * 'context', 'unified', or 'autodetect'. * * @return array List of all diff operations. */ function diff($diff, $mode = 'autodetect') { // Detect line breaks. $lnbr = "\n"; if (strpos($diff, "\r\n") !== false) { $lnbr = "\r\n"; } elseif (strpos($diff, "\r") !== false) { $lnbr = "\r"; } // Make sure we have a line break at the EOF. if (substr($diff, -strlen($lnbr)) != $lnbr) { $diff .= $lnbr; } if ($mode != 'autodetect' && $mode != 'context' && $mode != 'unified') { return PEAR::raiseError('Type of diff is unsupported'); } if ($mode == 'autodetect') { $context = strpos($diff, '***'); $unified = strpos($diff, '---'); if ($context === $unified) { return PEAR::raiseError('Type of diff could not be detected'); } elseif ($context === false || $unified === false) { $mode = $context !== false ? 'context' : 'unified'; } else { $mode = $context < $unified ? 'context' : 'unified'; } } // Split by new line and remove the diff header, if there is one. $diff = explode($lnbr, $diff); if (($mode == 'context' && strpos($diff[0], '***') === 0) || ($mode == 'unified' && strpos($diff[0], '---') === 0)) { array_shift($diff); array_shift($diff); } if ($mode == 'context') { return $this->parseContextDiff($diff); } else { return $this->parseUnifiedDiff($diff); } } /** * Parses an array containing the unified diff. * * @param array $diff Array of lines. * * @return array List of all diff operations. */ function parseUnifiedDiff($diff) { $edits = array(); $end = count($diff) - 1; for ($i = 0; $i < $end;) { $diff1 = array(); switch (substr($diff[$i], 0, 1)) { case ' ': do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == ' '); $edits[] = new Text_Diff_Op_copy($diff1); break; case '+': // get all new lines do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff1); break; case '-': // get changed or removed lines $diff2 = array(); do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == '-'); while ($i < $end && substr($diff[$i], 0, 1) == '+') { $diff2[] = substr($diff[$i++], 1); } if (count($diff2) == 0) { $edits[] = new Text_Diff_Op_delete($diff1); } else { $edits[] = new Text_Diff_Op_change($diff1, $diff2); } break; default: $i++; break; } } return $edits; } /** * Parses an array containing the context diff. * * @param array $diff Array of lines. * * @return array List of all diff operations. */ function parseContextDiff(&$diff) { $edits = array(); $i = $max_i = $j = $max_j = 0; $end = count($diff) - 1; while ($i < $end && $j < $end) { while ($i >= $max_i && $j >= $max_j) { // Find the boundaries of the diff output of the two files for ($i = $j; $i < $end && substr($diff[$i], 0, 3) == '***'; $i++); for ($max_i = $i; $max_i < $end && substr($diff[$max_i], 0, 3) != '---'; $max_i++); for ($j = $max_i; $j < $end && substr($diff[$j], 0, 3) == '---'; $j++); for ($max_j = $j; $max_j < $end && substr($diff[$max_j], 0, 3) != '***'; $max_j++); } // find what hasn't been changed $array = array(); while ($i < $max_i && $j < $max_j && strcmp($diff[$i], $diff[$j]) == 0) { $array[] = substr($diff[$i], 2); $i++; $j++; } while ($i < $max_i && ($max_j-$j) <= 1) { if ($diff[$i] != '' && substr($diff[$i], 0, 1) != ' ') { break; } $array[] = substr($diff[$i++], 2); } while ($j < $max_j && ($max_i-$i) <= 1) { if ($diff[$j] != '' && substr($diff[$j], 0, 1) != ' ') { break; } $array[] = substr($diff[$j++], 2); } if (count($array) > 0) { $edits[] = new Text_Diff_Op_copy($array); } if ($i < $max_i) { $diff1 = array(); switch (substr($diff[$i], 0, 1)) { case '!': $diff2 = array(); do { $diff1[] = substr($diff[$i], 2); if ($j < $max_j && substr($diff[$j], 0, 1) == '!') { $diff2[] = substr($diff[$j++], 2); } } while (++$i < $max_i && substr($diff[$i], 0, 1) == '!'); $edits[] = new Text_Diff_Op_change($diff1, $diff2); break; case '+': do { $diff1[] = substr($diff[$i], 2); } while (++$i < $max_i && substr($diff[$i], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff1); break; case '-': do { $diff1[] = substr($diff[$i], 2); } while (++$i < $max_i && substr($diff[$i], 0, 1) == '-'); $edits[] = new Text_Diff_Op_delete($diff1); break; } } if ($j < $max_j) { $diff2 = array(); switch (substr($diff[$j], 0, 1)) { case '+': do { $diff2[] = substr($diff[$j++], 2); } while ($j < $max_j && substr($diff[$j], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff2); break; case '-': do { $diff2[] = substr($diff[$j++], 2); } while ($j < $max_j && substr($diff[$j], 0, 1) == '-'); $edits[] = new Text_Diff_Op_delete($diff2); break; } } } return $edits; } } https-detection-20260605081842.php 0000666 00000013341 15225074365 0012003 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605053121.php 0000666 00000011205 15225074365 0012000 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605080445.php 0000666 00000011205 15225074365 0012011 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } header.php 0000666 00000003544 15225074365 0006530 0 ustar 00 <?php /** * @package WordPress * @subpackage Theme_Compat * @deprecated 3.0.0 * * This file is here for backward compatibility with old themes and will be removed in a future version. */ _deprecated_file( /* translators: %s: Template name. */ sprintf( __( 'Theme without %s' ), basename( __FILE__ ) ), '3.0.0', null, /* translators: %s: Template name. */ sprintf( __( 'Please include a %s template in your theme.' ), basename( __FILE__ ) ) ); ?> <!DOCTYPE html> <html <?php language_attributes(); ?>> <head> <link rel="profile" href="https://gmpg.org/xfn/11" /> <meta http-equiv="Content-Type" content="<?php bloginfo( 'html_type' ); ?>; charset=<?php bloginfo( 'charset' ); ?>" /> <title><?php echo wp_get_document_title(); ?></title> <link rel="stylesheet" href="<?php bloginfo( 'stylesheet_url' ); ?>" type="text/css" media="screen" /> <link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>" /> <?php if ( file_exists( get_stylesheet_directory() . '/images/kubrickbgwide.jpg' ) ) { ?> <style type="text/css" media="screen"> <?php // Checks to see whether it needs a sidebar. if ( empty( $withcomments ) && ! is_single() ) { ?> #page { background: url("<?php bloginfo( 'stylesheet_directory' ); ?>/images/kubrickbg-<?php bloginfo( 'text_direction' ); ?>.jpg") repeat-y top; border: none; } <?php } else { // No sidebar. ?> #page { background: url("<?php bloginfo( 'stylesheet_directory' ); ?>/images/kubrickbgwide.jpg") repeat-y top; border: none; } <?php } ?> </style> <?php } ?> <?php if ( is_singular() ) { wp_enqueue_script( 'comment-reply' ); } ?> <?php wp_head(); ?> </head> <body <?php body_class(); ?>> <div id="page"> <div id="header" role="banner"> <div id="headerimg"> <h1><a href="<?php echo home_url(); ?>/"><?php bloginfo( 'name' ); ?></a></h1> <div class="description"><?php bloginfo( 'description' ); ?></div> </div> </div> <hr /> https-migration-20260607071034.php 0000666 00000011205 15225074365 0012005 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605052952.php 0000666 00000011205 15225074365 0012013 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection.php 0000666 00000013341 15225074365 0010412 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260606080419.php 0000666 00000013341 15225074365 0012003 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605094635.php 0000666 00000013341 15225074365 0012007 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260615192534.php 0000666 00000011205 15225074365 0012015 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260606151230.php 0000666 00000011205 15225074365 0012001 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } session.php 0000666 00000000402 15225074365 0006751 0 ustar 00 <?php /** * Session API * * @since 4.0.0 * @deprecated 4.7.0 */ _deprecated_file( basename( __FILE__ ), '4.7.0' ); require_once ABSPATH . WPINC . '/class-wp-session-tokens.php'; require_once ABSPATH . WPINC . '/class-wp-user-meta-session-tokens.php'; https-migration-20260605130239.php 0000666 00000011205 15225074365 0012006 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605090843.php 0000666 00000011205 15225074365 0012014 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605102002.php 0000666 00000013341 15225074365 0011761 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605111908.php 0000666 00000011205 15225074365 0012010 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } wp-diff.php 0000666 00000001437 15225074365 0006633 0 ustar 00 <?php /** * WordPress Diff bastard child of old MediaWiki Diff Formatter. * * Basically all that remains is the table structure and some method names. * * @package WordPress * @subpackage Diff */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } if ( ! class_exists( 'Text_Diff', false ) ) { /** Text_Diff class */ require ABSPATH . WPINC . '/Text/Diff.php'; /** Text_Diff_Renderer class */ require ABSPATH . WPINC . '/Text/Diff/Renderer.php'; /** Text_Diff_Renderer_inline class */ require ABSPATH . WPINC . '/Text/Diff/Renderer/inline.php'; /** Text_Exception class */ require ABSPATH . WPINC . '/Text/Exception.php'; } require ABSPATH . WPINC . '/class-wp-text-diff-renderer-table.php'; require ABSPATH . WPINC . '/class-wp-text-diff-renderer-inline.php'; theme.php 0000666 00000407540 15225074365 0006406 0 ustar 00 <?php /** * Theme, template, and stylesheet functions. * * @package WordPress * @subpackage Theme */ /** * Returns an array of WP_Theme objects based on the arguments. * * Despite advances over get_themes(), this function is quite expensive, and grows * linearly with additional themes. Stick to wp_get_theme() if possible. * * @since 3.4.0 * * @global string[] $wp_theme_directories * * @param array $args { * Optional. The search arguments. * * @type mixed $errors True to return themes with errors, false to return * themes without errors, null to return all themes. * Default false. * @type mixed $allowed (Multisite) True to return only allowed themes for a site. * False to return only disallowed themes for a site. * 'site' to return only site-allowed themes. * 'network' to return only network-allowed themes. * Null to return all themes. Default null. * @type int $blog_id (Multisite) The blog ID used to calculate which themes * are allowed. Default 0, synonymous for the current blog. * } * @return WP_Theme[] Array of WP_Theme objects. */ function wp_get_themes( $args = array() ) { global $wp_theme_directories; $defaults = array( 'errors' => false, 'allowed' => null, 'blog_id' => 0, ); $args = wp_parse_args( $args, $defaults ); $theme_directories = search_theme_directories(); if ( is_array( $wp_theme_directories ) && count( $wp_theme_directories ) > 1 ) { /* * Make sure the active theme wins out, in case search_theme_directories() picks the wrong * one in the case of a conflict. (Normally, last registered theme root wins.) */ $current_theme = get_stylesheet(); if ( isset( $theme_directories[ $current_theme ] ) ) { $root_of_current_theme = get_raw_theme_root( $current_theme ); if ( ! in_array( $root_of_current_theme, $wp_theme_directories, true ) ) { $root_of_current_theme = WP_CONTENT_DIR . $root_of_current_theme; } $theme_directories[ $current_theme ]['theme_root'] = $root_of_current_theme; } } if ( empty( $theme_directories ) ) { return array(); } if ( is_multisite() && null !== $args['allowed'] ) { $allowed = $args['allowed']; if ( 'network' === $allowed ) { $theme_directories = array_intersect_key( $theme_directories, WP_Theme::get_allowed_on_network() ); } elseif ( 'site' === $allowed ) { $theme_directories = array_intersect_key( $theme_directories, WP_Theme::get_allowed_on_site( $args['blog_id'] ) ); } elseif ( $allowed ) { $theme_directories = array_intersect_key( $theme_directories, WP_Theme::get_allowed( $args['blog_id'] ) ); } else { $theme_directories = array_diff_key( $theme_directories, WP_Theme::get_allowed( $args['blog_id'] ) ); } } $themes = array(); static $_themes = array(); foreach ( $theme_directories as $theme => $theme_root ) { if ( isset( $_themes[ $theme_root['theme_root'] . '/' . $theme ] ) ) { $themes[ $theme ] = $_themes[ $theme_root['theme_root'] . '/' . $theme ]; } else { $themes[ $theme ] = new WP_Theme( $theme, $theme_root['theme_root'] ); $_themes[ $theme_root['theme_root'] . '/' . $theme ] = $themes[ $theme ]; } } if ( null !== $args['errors'] ) { foreach ( $themes as $theme => $wp_theme ) { if ( (bool) $wp_theme->errors() !== $args['errors'] ) { unset( $themes[ $theme ] ); } } } return $themes; } /** * Gets a WP_Theme object for a theme. * * @since 3.4.0 * * @global string[] $wp_theme_directories * * @param string $stylesheet Optional. Directory name for the theme. Defaults to active theme. * @param string $theme_root Optional. Absolute path of the theme root to look in. * If not specified, get_raw_theme_root() is used to calculate * the theme root for the $stylesheet provided (or active theme). * @return WP_Theme Theme object. Be sure to check the object's exists() method * if you need to confirm the theme's existence. */ function wp_get_theme( $stylesheet = '', $theme_root = '' ) { global $wp_theme_directories; if ( empty( $stylesheet ) ) { $stylesheet = get_stylesheet(); } if ( empty( $theme_root ) ) { $theme_root = get_raw_theme_root( $stylesheet ); if ( false === $theme_root ) { $theme_root = WP_CONTENT_DIR . '/themes'; } elseif ( ! in_array( $theme_root, (array) $wp_theme_directories, true ) ) { $theme_root = WP_CONTENT_DIR . $theme_root; } } return new WP_Theme( $stylesheet, $theme_root ); } /** * Clears the cache held by get_theme_roots() and WP_Theme. * * @since 3.5.0 * @param bool $clear_update_cache Whether to clear the theme updates cache. */ function wp_clean_themes_cache( $clear_update_cache = true ) { if ( $clear_update_cache ) { delete_site_transient( 'update_themes' ); } search_theme_directories( true ); foreach ( wp_get_themes( array( 'errors' => null ) ) as $theme ) { $theme->cache_delete(); } } /** * Whether a child theme is in use. * * @since 3.0.0 * @since 6.5.0 Makes use of global template variables. * * @global string $wp_stylesheet_path Path to current theme's stylesheet directory. * @global string $wp_template_path Path to current theme's template directory. * * @return bool True if a child theme is in use, false otherwise. */ function is_child_theme() { global $wp_stylesheet_path, $wp_template_path; return $wp_stylesheet_path !== $wp_template_path; } /** * Retrieves name of the current stylesheet. * * The theme name that is currently set as the front end theme. * * For all intents and purposes, the template name and the stylesheet name * are going to be the same for most cases. * * @since 1.5.0 * * @return string Stylesheet name. */ function get_stylesheet() { /** * Filters the name of current stylesheet. * * @since 1.5.0 * * @param string $stylesheet Name of the current stylesheet. */ return apply_filters( 'stylesheet', get_option( 'stylesheet' ) ); } /** * Retrieves stylesheet directory path for the active theme. * * @since 1.5.0 * @since 6.4.0 Memoizes filter execution so that it only runs once for the current theme. * @since 6.4.2 Memoization removed. * * @return string Path to active theme's stylesheet directory. */ function get_stylesheet_directory() { $stylesheet = get_stylesheet(); $theme_root = get_theme_root( $stylesheet ); $stylesheet_dir = "$theme_root/$stylesheet"; /** * Filters the stylesheet directory path for the active theme. * * @since 1.5.0 * * @param string $stylesheet_dir Absolute path to the active theme. * @param string $stylesheet Directory name of the active theme. * @param string $theme_root Absolute path to themes directory. */ return apply_filters( 'stylesheet_directory', $stylesheet_dir, $stylesheet, $theme_root ); } /** * Retrieves stylesheet directory URI for the active theme. * * @since 1.5.0 * * @return string URI to active theme's stylesheet directory. */ function get_stylesheet_directory_uri() { $stylesheet = str_replace( '%2F', '/', rawurlencode( get_stylesheet() ) ); $theme_root_uri = get_theme_root_uri( $stylesheet ); $stylesheet_dir_uri = "$theme_root_uri/$stylesheet"; /** * Filters the stylesheet directory URI. * * @since 1.5.0 * * @param string $stylesheet_dir_uri Stylesheet directory URI. * @param string $stylesheet Name of the activated theme's directory. * @param string $theme_root_uri Themes root URI. */ return apply_filters( 'stylesheet_directory_uri', $stylesheet_dir_uri, $stylesheet, $theme_root_uri ); } /** * Retrieves stylesheet URI for the active theme. * * The stylesheet file name is 'style.css' which is appended to the stylesheet directory URI path. * See get_stylesheet_directory_uri(). * * @since 1.5.0 * * @return string URI to active theme's stylesheet. */ function get_stylesheet_uri() { $stylesheet_dir_uri = get_stylesheet_directory_uri(); $stylesheet_uri = $stylesheet_dir_uri . '/style.css'; /** * Filters the URI of the active theme stylesheet. * * @since 1.5.0 * * @param string $stylesheet_uri Stylesheet URI for the active theme/child theme. * @param string $stylesheet_dir_uri Stylesheet directory URI for the active theme/child theme. */ return apply_filters( 'stylesheet_uri', $stylesheet_uri, $stylesheet_dir_uri ); } /** * Retrieves the localized stylesheet URI. * * The stylesheet directory for the localized stylesheet files are located, by * default, in the base theme directory. The name of the locale file will be the * locale followed by '.css'. If that does not exist, then the text direction * stylesheet will be checked for existence, for example 'ltr.css'. * * The theme may change the location of the stylesheet directory by either using * the {@see 'stylesheet_directory_uri'} or {@see 'locale_stylesheet_uri'} filters. * * If you want to change the location of the stylesheet files for the entire * WordPress workflow, then change the former. If you just have the locale in a * separate folder, then change the latter. * * @since 2.1.0 * * @global WP_Locale $wp_locale WordPress date and time locale object. * * @return string URI to active theme's localized stylesheet. */ function get_locale_stylesheet_uri() { global $wp_locale; $stylesheet_dir_uri = get_stylesheet_directory_uri(); $dir = get_stylesheet_directory(); $locale = get_locale(); if ( file_exists( "$dir/$locale.css" ) ) { $stylesheet_uri = "$stylesheet_dir_uri/$locale.css"; } elseif ( ! empty( $wp_locale->text_direction ) && file_exists( "$dir/{$wp_locale->text_direction}.css" ) ) { $stylesheet_uri = "$stylesheet_dir_uri/{$wp_locale->text_direction}.css"; } else { $stylesheet_uri = ''; } /** * Filters the localized stylesheet URI. * * @since 2.1.0 * * @param string $stylesheet_uri Localized stylesheet URI. * @param string $stylesheet_dir_uri Stylesheet directory URI. */ return apply_filters( 'locale_stylesheet_uri', $stylesheet_uri, $stylesheet_dir_uri ); } /** * Retrieves name of the active theme. * * @since 1.5.0 * * @return string Template name. */ function get_template() { /** * Filters the name of the active theme. * * @since 1.5.0 * * @param string $template active theme's directory name. */ return apply_filters( 'template', get_option( 'template' ) ); } /** * Retrieves template directory path for the active theme. * * @since 1.5.0 * @since 6.4.0 Memoizes filter execution so that it only runs once for the current theme. * @since 6.4.1 Memoization removed. * * @return string Path to active theme's template directory. */ function get_template_directory() { $template = get_template(); $theme_root = get_theme_root( $template ); $template_dir = "$theme_root/$template"; /** * Filters the active theme directory path. * * @since 1.5.0 * * @param string $template_dir The path of the active theme directory. * @param string $template Directory name of the active theme. * @param string $theme_root Absolute path to the themes directory. */ return apply_filters( 'template_directory', $template_dir, $template, $theme_root ); } /** * Retrieves template directory URI for the active theme. * * @since 1.5.0 * * @return string URI to active theme's template directory. */ function get_template_directory_uri() { $template = str_replace( '%2F', '/', rawurlencode( get_template() ) ); $theme_root_uri = get_theme_root_uri( $template ); $template_dir_uri = "$theme_root_uri/$template"; /** * Filters the active theme directory URI. * * @since 1.5.0 * * @param string $template_dir_uri The URI of the active theme directory. * @param string $template Directory name of the active theme. * @param string $theme_root_uri The themes root URI. */ return apply_filters( 'template_directory_uri', $template_dir_uri, $template, $theme_root_uri ); } /** * Retrieves theme roots. * * @since 2.9.0 * * @global string[] $wp_theme_directories * * @return array|string An array of theme roots keyed by template/stylesheet * or a single theme root if all themes have the same root. */ function get_theme_roots() { global $wp_theme_directories; if ( ! is_array( $wp_theme_directories ) || count( $wp_theme_directories ) <= 1 ) { return '/themes'; } $theme_roots = get_site_transient( 'theme_roots' ); if ( false === $theme_roots ) { search_theme_directories( true ); // Regenerate the transient. $theme_roots = get_site_transient( 'theme_roots' ); } return $theme_roots; } /** * Registers a directory that contains themes. * * @since 2.9.0 * * @global string[] $wp_theme_directories * * @param string $directory Either the full filesystem path to a theme folder * or a folder within WP_CONTENT_DIR. * @return bool True if successfully registered a directory that contains themes, * false if the directory does not exist. */ function register_theme_directory( $directory ) { global $wp_theme_directories; if ( ! file_exists( $directory ) ) { // Try prepending as the theme directory could be relative to the content directory. $directory = WP_CONTENT_DIR . '/' . $directory; // If this directory does not exist, return and do not register. if ( ! file_exists( $directory ) ) { return false; } } if ( ! is_array( $wp_theme_directories ) ) { $wp_theme_directories = array(); } $untrailed = untrailingslashit( $directory ); if ( ! empty( $untrailed ) && ! in_array( $untrailed, $wp_theme_directories, true ) ) { $wp_theme_directories[] = $untrailed; } return true; } /** * Searches all registered theme directories for complete and valid themes. * * @since 2.9.0 * * @global string[] $wp_theme_directories * * @param bool $force Optional. Whether to force a new directory scan. Default false. * @return array|false Valid themes found on success, false on failure. */ function search_theme_directories( $force = false ) { global $wp_theme_directories; static $found_themes = null; if ( empty( $wp_theme_directories ) ) { return false; } if ( ! $force && isset( $found_themes ) ) { return $found_themes; } $found_themes = array(); $wp_theme_directories = (array) $wp_theme_directories; $relative_theme_roots = array(); /* * Set up maybe-relative, maybe-absolute array of theme directories. * We always want to return absolute, but we need to cache relative * to use in get_theme_root(). */ foreach ( $wp_theme_directories as $theme_root ) { if ( str_starts_with( $theme_root, WP_CONTENT_DIR ) ) { $relative_theme_roots[ str_replace( WP_CONTENT_DIR, '', $theme_root ) ] = $theme_root; } else { $relative_theme_roots[ $theme_root ] = $theme_root; } } /** * Filters whether to get the cache of the registered theme directories. * * @since 3.4.0 * * @param bool $cache_expiration Whether to get the cache of the theme directories. Default false. * @param string $context The class or function name calling the filter. */ $cache_expiration = apply_filters( 'wp_cache_themes_persistently', false, 'search_theme_directories' ); if ( $cache_expiration ) { $cached_roots = get_site_transient( 'theme_roots' ); if ( is_array( $cached_roots ) ) { foreach ( $cached_roots as $theme_dir => $theme_root ) { // A cached theme root is no longer around, so skip it. if ( ! isset( $relative_theme_roots[ $theme_root ] ) ) { continue; } $found_themes[ $theme_dir ] = array( 'theme_file' => $theme_dir . '/style.css', 'theme_root' => $relative_theme_roots[ $theme_root ], // Convert relative to absolute. ); } return $found_themes; } if ( ! is_int( $cache_expiration ) ) { $cache_expiration = 30 * MINUTE_IN_SECONDS; } } else { $cache_expiration = 30 * MINUTE_IN_SECONDS; } /* Loop the registered theme directories and extract all themes */ foreach ( $wp_theme_directories as $theme_root ) { // Start with directories in the root of the active theme directory. $dirs = @ scandir( $theme_root ); if ( ! $dirs ) { wp_trigger_error( __FUNCTION__, "$theme_root is not readable" ); continue; } foreach ( $dirs as $dir ) { if ( ! is_dir( $theme_root . '/' . $dir ) || '.' === $dir[0] || 'CVS' === $dir ) { continue; } if ( file_exists( $theme_root . '/' . $dir . '/style.css' ) ) { /* * wp-content/themes/a-single-theme * wp-content/themes is $theme_root, a-single-theme is $dir. */ $found_themes[ $dir ] = array( 'theme_file' => $dir . '/style.css', 'theme_root' => $theme_root, ); } else { $found_theme = false; /* * wp-content/themes/a-folder-of-themes/* * wp-content/themes is $theme_root, a-folder-of-themes is $dir, then themes are $sub_dirs. */ $sub_dirs = @ scandir( $theme_root . '/' . $dir ); if ( ! $sub_dirs ) { wp_trigger_error( __FUNCTION__, "$theme_root/$dir is not readable" ); continue; } foreach ( $sub_dirs as $sub_dir ) { if ( ! is_dir( $theme_root . '/' . $dir . '/' . $sub_dir ) || '.' === $dir[0] || 'CVS' === $dir ) { continue; } if ( ! file_exists( $theme_root . '/' . $dir . '/' . $sub_dir . '/style.css' ) ) { continue; } $found_themes[ $dir . '/' . $sub_dir ] = array( 'theme_file' => $dir . '/' . $sub_dir . '/style.css', 'theme_root' => $theme_root, ); $found_theme = true; } /* * Never mind the above, it's just a theme missing a style.css. * Return it; WP_Theme will catch the error. */ if ( ! $found_theme ) { $found_themes[ $dir ] = array( 'theme_file' => $dir . '/style.css', 'theme_root' => $theme_root, ); } } } } asort( $found_themes ); $theme_roots = array(); $relative_theme_roots = array_flip( $relative_theme_roots ); foreach ( $found_themes as $theme_dir => $theme_data ) { $theme_roots[ $theme_dir ] = $relative_theme_roots[ $theme_data['theme_root'] ]; // Convert absolute to relative. } if ( get_site_transient( 'theme_roots' ) !== $theme_roots ) { set_site_transient( 'theme_roots', $theme_roots, $cache_expiration ); } return $found_themes; } /** * Retrieves path to themes directory. * * Does not have trailing slash. * * @since 1.5.0 * * @global string[] $wp_theme_directories * * @param string $stylesheet_or_template Optional. The stylesheet or template name of the theme. * Default is to leverage the main theme root. * @return string Themes directory path. */ function get_theme_root( $stylesheet_or_template = '' ) { global $wp_theme_directories; $theme_root = ''; if ( $stylesheet_or_template ) { $theme_root = get_raw_theme_root( $stylesheet_or_template ); if ( $theme_root ) { /* * Always prepend WP_CONTENT_DIR unless the root currently registered as a theme directory. * This gives relative theme roots the benefit of the doubt when things go haywire. */ if ( ! in_array( $theme_root, (array) $wp_theme_directories, true ) ) { $theme_root = WP_CONTENT_DIR . $theme_root; } } } if ( ! $theme_root ) { $theme_root = WP_CONTENT_DIR . '/themes'; } /** * Filters the absolute path to the themes directory. * * @since 1.5.0 * * @param string $theme_root Absolute path to themes directory. */ return apply_filters( 'theme_root', $theme_root ); } /** * Retrieves URI for themes directory. * * Does not have trailing slash. * * @since 1.5.0 * * @global string[] $wp_theme_directories * * @param string $stylesheet_or_template Optional. The stylesheet or template name of the theme. * Default is to leverage the main theme root. * @param string $theme_root Optional. The theme root for which calculations will be based, * preventing the need for a get_raw_theme_root() call. Default empty. * @return string Themes directory URI. */ function get_theme_root_uri( $stylesheet_or_template = '', $theme_root = '' ) { global $wp_theme_directories; if ( $stylesheet_or_template && ! $theme_root ) { $theme_root = get_raw_theme_root( $stylesheet_or_template ); } if ( $stylesheet_or_template && $theme_root ) { if ( in_array( $theme_root, (array) $wp_theme_directories, true ) ) { // Absolute path. Make an educated guess. YMMV -- but note the filter below. if ( str_starts_with( $theme_root, WP_CONTENT_DIR ) ) { $theme_root_uri = content_url( str_replace( WP_CONTENT_DIR, '', $theme_root ) ); } elseif ( str_starts_with( $theme_root, ABSPATH ) ) { $theme_root_uri = site_url( str_replace( ABSPATH, '', $theme_root ) ); } elseif ( str_starts_with( $theme_root, WP_PLUGIN_DIR ) || str_starts_with( $theme_root, WPMU_PLUGIN_DIR ) ) { $theme_root_uri = plugins_url( basename( $theme_root ), $theme_root ); } else { $theme_root_uri = $theme_root; } } else { $theme_root_uri = content_url( $theme_root ); } } else { $theme_root_uri = content_url( 'themes' ); } /** * Filters the URI for themes directory. * * @since 1.5.0 * * @param string $theme_root_uri The URI for themes directory. * @param string $siteurl WordPress web address which is set in General Options. * @param string $stylesheet_or_template The stylesheet or template name of the theme. */ return apply_filters( 'theme_root_uri', $theme_root_uri, get_option( 'siteurl' ), $stylesheet_or_template ); } /** * Gets the raw theme root relative to the content directory with no filters applied. * * @since 3.1.0 * * @global string[] $wp_theme_directories * * @param string $stylesheet_or_template The stylesheet or template name of the theme. * @param bool $skip_cache Optional. Whether to skip the cache. * Defaults to false, meaning the cache is used. * @return string Theme root. */ function get_raw_theme_root( $stylesheet_or_template, $skip_cache = false ) { global $wp_theme_directories; if ( ! is_array( $wp_theme_directories ) || count( $wp_theme_directories ) <= 1 ) { return '/themes'; } $theme_root = false; // If requesting the root for the active theme, consult options to avoid calling get_theme_roots(). if ( ! $skip_cache ) { if ( get_option( 'stylesheet' ) === $stylesheet_or_template ) { $theme_root = get_option( 'stylesheet_root' ); } elseif ( get_option( 'template' ) === $stylesheet_or_template ) { $theme_root = get_option( 'template_root' ); } } if ( empty( $theme_root ) ) { $theme_roots = get_theme_roots(); if ( ! empty( $theme_roots[ $stylesheet_or_template ] ) ) { $theme_root = $theme_roots[ $stylesheet_or_template ]; } } return $theme_root; } /** * Displays localized stylesheet link element. * * @since 2.1.0 */ function locale_stylesheet() { $stylesheet = get_locale_stylesheet_uri(); if ( empty( $stylesheet ) ) { return; } $type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"'; printf( '<link rel="stylesheet" href="%s"%s media="screen" />', $stylesheet, $type_attr ); } /** * Switches the theme. * * Accepts one argument: $stylesheet of the theme. It also accepts an additional function signature * of two arguments: $template then $stylesheet. This is for backward compatibility. * * @since 2.5.0 * * @global string[] $wp_theme_directories * @global WP_Customize_Manager $wp_customize * @global array $sidebars_widgets * @global array $wp_registered_sidebars * * @param string $stylesheet Stylesheet name. */ function switch_theme( $stylesheet ) { global $wp_theme_directories, $wp_customize, $sidebars_widgets, $wp_registered_sidebars; $requirements = validate_theme_requirements( $stylesheet ); if ( is_wp_error( $requirements ) ) { wp_die( $requirements ); } $_sidebars_widgets = null; if ( 'wp_ajax_customize_save' === current_action() ) { $old_sidebars_widgets_data_setting = $wp_customize->get_setting( 'old_sidebars_widgets_data' ); if ( $old_sidebars_widgets_data_setting ) { $_sidebars_widgets = $wp_customize->post_value( $old_sidebars_widgets_data_setting ); } } elseif ( is_array( $sidebars_widgets ) ) { $_sidebars_widgets = $sidebars_widgets; } if ( is_array( $_sidebars_widgets ) ) { set_theme_mod( 'sidebars_widgets', array( 'time' => time(), 'data' => $_sidebars_widgets, ) ); } $nav_menu_locations = get_theme_mod( 'nav_menu_locations' ); update_option( 'theme_switch_menu_locations', $nav_menu_locations, true ); if ( func_num_args() > 1 ) { $stylesheet = func_get_arg( 1 ); } $old_theme = wp_get_theme(); $new_theme = wp_get_theme( $stylesheet ); $template = $new_theme->get_template(); if ( wp_is_recovery_mode() ) { $paused_themes = wp_paused_themes(); $paused_themes->delete( $old_theme->get_stylesheet() ); $paused_themes->delete( $old_theme->get_template() ); } update_option( 'template', $template ); update_option( 'stylesheet', $stylesheet ); if ( count( $wp_theme_directories ) > 1 ) { update_option( 'template_root', get_raw_theme_root( $template, true ) ); update_option( 'stylesheet_root', get_raw_theme_root( $stylesheet, true ) ); } else { delete_option( 'template_root' ); delete_option( 'stylesheet_root' ); } $new_name = $new_theme->get( 'Name' ); update_option( 'current_theme', $new_name ); // Migrate from the old mods_{name} option to theme_mods_{slug}. if ( is_admin() && false === get_option( 'theme_mods_' . $stylesheet ) ) { $default_theme_mods = (array) get_option( 'mods_' . $new_name ); if ( ! empty( $nav_menu_locations ) && empty( $default_theme_mods['nav_menu_locations'] ) ) { $default_theme_mods['nav_menu_locations'] = $nav_menu_locations; } add_option( "theme_mods_$stylesheet", $default_theme_mods ); } else { /* * Since retrieve_widgets() is called when initializing a theme in the Customizer, * we need to remove the theme mods to avoid overwriting changes made via * the Customizer when accessing wp-admin/widgets.php. */ if ( 'wp_ajax_customize_save' === current_action() ) { remove_theme_mod( 'sidebars_widgets' ); } } // Stores classic sidebars for later use by block themes. if ( $new_theme->is_block_theme() ) { set_theme_mod( 'wp_classic_sidebars', $wp_registered_sidebars ); } update_option( 'theme_switched', $old_theme->get_stylesheet() ); /* * Reset template globals when switching themes outside of a switched blog * context to ensure templates will be loaded from the new theme. */ if ( ! is_multisite() || ! ms_is_switched() ) { wp_set_template_globals(); } // Clear pattern caches. if ( ! is_multisite() ) { $new_theme->delete_pattern_cache(); $old_theme->delete_pattern_cache(); } // Set autoload=no for the old theme, autoload=yes for the switched theme. $theme_mods_options = array( 'theme_mods_' . $stylesheet => 'yes', 'theme_mods_' . $old_theme->get_stylesheet() => 'no', ); wp_set_option_autoload_values( $theme_mods_options ); /** * Fires after the theme is switched. * * See {@see 'after_switch_theme'}. * * @since 1.5.0 * @since 4.5.0 Introduced the `$old_theme` parameter. * * @param string $new_name Name of the new theme. * @param WP_Theme $new_theme WP_Theme instance of the new theme. * @param WP_Theme $old_theme WP_Theme instance of the old theme. */ do_action( 'switch_theme', $new_name, $new_theme, $old_theme ); } /** * Checks that the active theme has the required files. * * Standalone themes need to have a `templates/index.html` or `index.php` template file. * Child themes need to have a `Template` header in the `style.css` stylesheet. * * Does not initially check the default theme, which is the fallback and should always exist. * But if it doesn't exist, it'll fall back to the latest core default theme that does exist. * Will switch theme to the fallback theme if active theme does not validate. * * You can use the {@see 'validate_current_theme'} filter to return false to disable * this functionality. * * @since 1.5.0 * @since 6.0.0 Removed the requirement for block themes to have an `index.php` template. * * @see WP_DEFAULT_THEME * * @return bool */ function validate_current_theme() { /** * Filters whether to validate the active theme. * * @since 2.7.0 * * @param bool $validate Whether to validate the active theme. Default true. */ if ( wp_installing() || ! apply_filters( 'validate_current_theme', true ) ) { return true; } if ( ! file_exists( get_template_directory() . '/templates/index.html' ) && ! file_exists( get_template_directory() . '/block-templates/index.html' ) // Deprecated path support since 5.9.0. && ! file_exists( get_template_directory() . '/index.php' ) ) { // Invalid. } elseif ( ! file_exists( get_template_directory() . '/style.css' ) ) { // Invalid. } elseif ( is_child_theme() && ! file_exists( get_stylesheet_directory() . '/style.css' ) ) { // Invalid. } else { // Valid. return true; } $default = wp_get_theme( WP_DEFAULT_THEME ); if ( $default->exists() ) { switch_theme( WP_DEFAULT_THEME ); return false; } /** * If we're in an invalid state but WP_DEFAULT_THEME doesn't exist, * switch to the latest core default theme that's installed. * * If it turns out that this latest core default theme is our current * theme, then there's nothing we can do about that, so we have to bail, * rather than going into an infinite loop. (This is why there are * checks against WP_DEFAULT_THEME above, also.) We also can't do anything * if it turns out there is no default theme installed. (That's `false`.) */ $default = WP_Theme::get_core_default_theme(); if ( false === $default || get_stylesheet() === $default->get_stylesheet() ) { return true; } switch_theme( $default->get_stylesheet() ); return false; } /** * Validates the theme requirements for WordPress version and PHP version. * * Uses the information from `Requires at least` and `Requires PHP` headers * defined in the theme's `style.css` file. * * @since 5.5.0 * @since 5.8.0 Removed support for using `readme.txt` as a fallback. * * @param string $stylesheet Directory name for the theme. * @return true|WP_Error True if requirements are met, WP_Error on failure. */ function validate_theme_requirements( $stylesheet ) { $theme = wp_get_theme( $stylesheet ); $requirements = array( 'requires' => ! empty( $theme->get( 'RequiresWP' ) ) ? $theme->get( 'RequiresWP' ) : '', 'requires_php' => ! empty( $theme->get( 'RequiresPHP' ) ) ? $theme->get( 'RequiresPHP' ) : '', ); $compatible_wp = is_wp_version_compatible( $requirements['requires'] ); $compatible_php = is_php_version_compatible( $requirements['requires_php'] ); if ( ! $compatible_wp && ! $compatible_php ) { return new WP_Error( 'theme_wp_php_incompatible', sprintf( /* translators: %s: Theme name. */ _x( '<strong>Error:</strong> Current WordPress and PHP versions do not meet minimum requirements for %s.', 'theme' ), $theme->display( 'Name' ) ) ); } elseif ( ! $compatible_php ) { return new WP_Error( 'theme_php_incompatible', sprintf( /* translators: %s: Theme name. */ _x( '<strong>Error:</strong> Current PHP version does not meet minimum requirements for %s.', 'theme' ), $theme->display( 'Name' ) ) ); } elseif ( ! $compatible_wp ) { return new WP_Error( 'theme_wp_incompatible', sprintf( /* translators: %s: Theme name. */ _x( '<strong>Error:</strong> Current WordPress version does not meet minimum requirements for %s.', 'theme' ), $theme->display( 'Name' ) ) ); } /** * Filters the theme requirement validation response. * * If a theme fails due to a Core-provided validation (incompatible WP, PHP versions), this * filter will not fire. A WP_Error response will already be returned. * * This filter is intended to add additional validation steps by site administrators. * * @since 6.9.0 * * @param bool|WP_Error $met_requirements True if the theme meets requirements, WP_Error if not. * @param string $stylesheet Directory name for the theme. */ return apply_filters( 'validate_theme_requirements', true, $stylesheet ); } /** * Retrieves all theme modifications. * * @since 3.1.0 * @since 5.9.0 The return value is always an array. * * @return array Theme modifications. */ function get_theme_mods() { $theme_slug = get_option( 'stylesheet' ); $mods = get_option( "theme_mods_$theme_slug" ); if ( false === $mods ) { $theme_name = get_option( 'current_theme' ); if ( false === $theme_name ) { $theme_name = wp_get_theme()->get( 'Name' ); } $mods = get_option( "mods_$theme_name" ); // Deprecated location. if ( is_admin() && false !== $mods ) { update_option( "theme_mods_$theme_slug", $mods ); delete_option( "mods_$theme_name" ); } } if ( ! is_array( $mods ) ) { $mods = array(); } return $mods; } /** * Retrieves theme modification value for the active theme. * * If the modification name does not exist and `$default_value` is a string, then the * default will be passed through the {@link https://www.php.net/sprintf sprintf()} * PHP function with the template directory URI as the first value and the * stylesheet directory URI as the second value. * * @since 2.1.0 * * @param string $name Theme modification name. * @param mixed $default_value Optional. Theme modification default value. Default false. * @return mixed Theme modification value. */ function get_theme_mod( $name, $default_value = false ) { $mods = get_theme_mods(); if ( isset( $mods[ $name ] ) ) { /** * Filters the theme modification, or 'theme_mod', value. * * The dynamic portion of the hook name, `$name`, refers to the key name * of the modification array. For example, 'header_textcolor', 'header_image', * and so on depending on the theme options. * * @since 2.2.0 * * @param mixed $current_mod The value of the active theme modification. */ return apply_filters( "theme_mod_{$name}", $mods[ $name ] ); } if ( is_string( $default_value ) ) { // Only run the replacement if an sprintf() string format pattern was found. if ( preg_match( '#(?<!%)%(?:\d+\$?)?s#', $default_value ) ) { // Remove a single trailing percent sign. $default_value = preg_replace( '#(?<!%)%$#', '', $default_value ); $default_value = sprintf( $default_value, get_template_directory_uri(), get_stylesheet_directory_uri() ); } } /** This filter is documented in wp-includes/theme.php */ return apply_filters( "theme_mod_{$name}", $default_value ); } /** * Updates theme modification value for the active theme. * * @since 2.1.0 * @since 5.6.0 A return value was added. * * @param string $name Theme modification name. * @param mixed $value Theme modification value. * @return bool True if the value was updated, false otherwise. */ function set_theme_mod( $name, $value ) { $mods = get_theme_mods(); $old_value = isset( $mods[ $name ] ) ? $mods[ $name ] : false; /** * Filters the theme modification, or 'theme_mod', value on save. * * The dynamic portion of the hook name, `$name`, refers to the key name * of the modification array. For example, 'header_textcolor', 'header_image', * and so on depending on the theme options. * * @since 3.9.0 * * @param mixed $value The new value of the theme modification. * @param mixed $old_value The current value of the theme modification. */ $mods[ $name ] = apply_filters( "pre_set_theme_mod_{$name}", $value, $old_value ); $theme = get_option( 'stylesheet' ); return update_option( "theme_mods_$theme", $mods ); } /** * Removes theme modification name from active theme list. * * If removing the name also removes all elements, then the entire option * will be removed. * * @since 2.1.0 * * @param string $name Theme modification name. */ function remove_theme_mod( $name ) { $mods = get_theme_mods(); if ( ! isset( $mods[ $name ] ) ) { return; } unset( $mods[ $name ] ); if ( empty( $mods ) ) { remove_theme_mods(); return; } $theme = get_option( 'stylesheet' ); update_option( "theme_mods_$theme", $mods ); } /** * Removes theme modifications option for the active theme. * * @since 2.1.0 */ function remove_theme_mods() { delete_option( 'theme_mods_' . get_option( 'stylesheet' ) ); // Old style. $theme_name = get_option( 'current_theme' ); if ( false === $theme_name ) { $theme_name = wp_get_theme()->get( 'Name' ); } delete_option( 'mods_' . $theme_name ); } /** * Retrieves the custom header text color in 3- or 6-digit hexadecimal form. * * @since 2.1.0 * * @return string Header text color in 3- or 6-digit hexadecimal form (minus the hash symbol). */ function get_header_textcolor() { return get_theme_mod( 'header_textcolor', get_theme_support( 'custom-header', 'default-text-color' ) ); } /** * Displays the custom header text color in 3- or 6-digit hexadecimal form (minus the hash symbol). * * @since 2.1.0 */ function header_textcolor() { echo get_header_textcolor(); } /** * Whether to display the header text. * * @since 3.4.0 * * @return bool */ function display_header_text() { if ( ! current_theme_supports( 'custom-header', 'header-text' ) ) { return false; } $text_color = get_theme_mod( 'header_textcolor', get_theme_support( 'custom-header', 'default-text-color' ) ); return 'blank' !== $text_color; } /** * Checks whether a header image is set or not. * * @since 4.2.0 * * @see get_header_image() * * @return bool Whether a header image is set or not. */ function has_header_image() { return (bool) get_header_image(); } /** * Retrieves header image for custom header. * * @since 2.1.0 * * @return string|false */ function get_header_image() { $url = get_theme_mod( 'header_image', get_theme_support( 'custom-header', 'default-image' ) ); if ( 'remove-header' === $url ) { return false; } if ( is_random_header_image() ) { $url = get_random_header_image(); } /** * Filters the header image URL. * * @since 6.1.0 * * @param string $url Header image URL. */ $url = apply_filters( 'get_header_image', $url ); if ( ! is_string( $url ) ) { return false; } $url = trim( $url ); return sanitize_url( set_url_scheme( $url ) ); } /** * Creates image tag markup for a custom header image. * * @since 4.4.0 * * @param array $attr Optional. Additional attributes for the image tag. Can be used * to override the default attributes. Default empty. * @return string HTML image element markup or empty string on failure. */ function get_header_image_tag( $attr = array() ) { $header = get_custom_header(); $header->url = get_header_image(); if ( ! $header->url ) { return ''; } $width = absint( $header->width ); $height = absint( $header->height ); $alt = ''; // Use alternative text assigned to the image, if available. Otherwise, leave it empty. if ( ! empty( $header->attachment_id ) ) { $image_alt = get_post_meta( $header->attachment_id, '_wp_attachment_image_alt', true ); if ( is_string( $image_alt ) ) { $alt = $image_alt; } } $attr = wp_parse_args( $attr, array( 'src' => $header->url, 'width' => $width, 'height' => $height, 'alt' => $alt, ) ); // Generate 'srcset' and 'sizes' if not already present. if ( empty( $attr['srcset'] ) && ! empty( $header->attachment_id ) ) { $image_meta = get_post_meta( $header->attachment_id, '_wp_attachment_metadata', true ); $size_array = array( $width, $height ); if ( is_array( $image_meta ) ) { $srcset = wp_calculate_image_srcset( $size_array, $header->url, $image_meta, $header->attachment_id ); if ( ! empty( $attr['sizes'] ) ) { $sizes = $attr['sizes']; } else { $sizes = wp_calculate_image_sizes( $size_array, $header->url, $image_meta, $header->attachment_id ); } if ( $srcset && $sizes ) { $attr['srcset'] = $srcset; $attr['sizes'] = $sizes; } } } $attr = array_merge( $attr, wp_get_loading_optimization_attributes( 'img', $attr, 'get_header_image_tag' ) ); /* * If the default value of `lazy` for the `loading` attribute is overridden * to omit the attribute for this image, ensure it is not included. */ if ( isset( $attr['loading'] ) && ! $attr['loading'] ) { unset( $attr['loading'] ); } // If the `fetchpriority` attribute is overridden and set to false or an empty string. if ( isset( $attr['fetchpriority'] ) && ! $attr['fetchpriority'] ) { unset( $attr['fetchpriority'] ); } // If the `decoding` attribute is overridden and set to false or an empty string. if ( isset( $attr['decoding'] ) && ! $attr['decoding'] ) { unset( $attr['decoding'] ); } /** * Filters the list of header image attributes. * * @since 5.9.0 * * @param array $attr Array of the attributes for the image tag. * @param object $header The custom header object returned by 'get_custom_header()'. */ $attr = apply_filters( 'get_header_image_tag_attributes', $attr, $header ); $attr = array_map( 'esc_attr', $attr ); $html = '<img'; foreach ( $attr as $name => $value ) { $html .= ' ' . $name . '="' . $value . '"'; } $html .= ' />'; /** * Filters the markup of header images. * * @since 4.4.0 * * @param string $html The HTML image tag markup being filtered. * @param object $header The custom header object returned by 'get_custom_header()'. * @param array $attr Array of the attributes for the image tag. */ return apply_filters( 'get_header_image_tag', $html, $header, $attr ); } /** * Displays the image markup for a custom header image. * * @since 4.4.0 * * @param array $attr Optional. Attributes for the image markup. Default empty. */ function the_header_image_tag( $attr = array() ) { echo get_header_image_tag( $attr ); } /** * Gets random header image data from registered images in theme. * * @since 3.4.0 * * @access private * * @global array $_wp_default_headers * * @return object */ function _get_random_header_data() { global $_wp_default_headers; static $_wp_random_header = null; if ( empty( $_wp_random_header ) ) { $header_image_mod = get_theme_mod( 'header_image', '' ); $headers = array(); if ( 'random-uploaded-image' === $header_image_mod ) { $headers = get_uploaded_header_images(); } elseif ( ! empty( $_wp_default_headers ) ) { if ( 'random-default-image' === $header_image_mod ) { $headers = $_wp_default_headers; } else { if ( current_theme_supports( 'custom-header', 'random-default' ) ) { $headers = $_wp_default_headers; } } } if ( empty( $headers ) ) { return new stdClass(); } $_wp_random_header = (object) $headers[ array_rand( $headers ) ]; $_wp_random_header->url = sprintf( $_wp_random_header->url, get_template_directory_uri(), get_stylesheet_directory_uri() ); $_wp_random_header->thumbnail_url = sprintf( $_wp_random_header->thumbnail_url, get_template_directory_uri(), get_stylesheet_directory_uri() ); } return $_wp_random_header; } /** * Gets random header image URL from registered images in theme. * * @since 3.2.0 * * @return string Path to header image. */ function get_random_header_image() { $random_image = _get_random_header_data(); if ( empty( $random_image->url ) ) { return ''; } return $random_image->url; } /** * Checks if random header image is in use. * * Always true if user expressly chooses the option in Appearance > Header. * Also true if theme has multiple header images registered, no specific header image * is chosen, and theme turns on random headers with add_theme_support(). * * @since 3.2.0 * * @param string $type The random pool to use. Possible values include 'any', * 'default', 'uploaded'. Default 'any'. * @return bool */ function is_random_header_image( $type = 'any' ) { $header_image_mod = get_theme_mod( 'header_image', get_theme_support( 'custom-header', 'default-image' ) ); if ( 'any' === $type ) { if ( 'random-default-image' === $header_image_mod || 'random-uploaded-image' === $header_image_mod || ( empty( $header_image_mod ) && '' !== get_random_header_image() ) ) { return true; } } else { if ( "random-$type-image" === $header_image_mod ) { return true; } elseif ( 'default' === $type && empty( $header_image_mod ) && '' !== get_random_header_image() ) { return true; } } return false; } /** * Displays header image URL. * * @since 2.1.0 */ function header_image() { $image = get_header_image(); if ( $image ) { echo esc_url( $image ); } } /** * Gets the header images uploaded for the active theme. * * @since 3.2.0 * * @return array */ function get_uploaded_header_images() { $header_images = array(); $headers = get_posts( array( 'post_type' => 'attachment', 'meta_key' => '_wp_attachment_is_custom_header', 'meta_value' => get_option( 'stylesheet' ), 'orderby' => 'none', 'nopaging' => true, ) ); if ( empty( $headers ) ) { return array(); } foreach ( (array) $headers as $header ) { $url = sanitize_url( wp_get_attachment_url( $header->ID ) ); $header_data = wp_get_attachment_metadata( $header->ID ); $header_index = $header->ID; $header_images[ $header_index ] = array(); $header_images[ $header_index ]['attachment_id'] = $header->ID; $header_images[ $header_index ]['url'] = $url; $header_images[ $header_index ]['thumbnail_url'] = $url; $header_images[ $header_index ]['alt_text'] = get_post_meta( $header->ID, '_wp_attachment_image_alt', true ); if ( isset( $header_data['attachment_parent'] ) ) { $header_images[ $header_index ]['attachment_parent'] = $header_data['attachment_parent']; } else { $header_images[ $header_index ]['attachment_parent'] = ''; } if ( isset( $header_data['width'] ) ) { $header_images[ $header_index ]['width'] = $header_data['width']; } if ( isset( $header_data['height'] ) ) { $header_images[ $header_index ]['height'] = $header_data['height']; } } return $header_images; } /** * Gets the header image data. * * @since 3.4.0 * * @global array $_wp_default_headers * * @return object */ function get_custom_header() { global $_wp_default_headers; if ( is_random_header_image() ) { $data = _get_random_header_data(); } else { $data = get_theme_mod( 'header_image_data' ); if ( ! $data && current_theme_supports( 'custom-header', 'default-image' ) ) { $directory_args = array( get_template_directory_uri(), get_stylesheet_directory_uri() ); $data = array(); $data['url'] = vsprintf( get_theme_support( 'custom-header', 'default-image' ), $directory_args ); $data['thumbnail_url'] = $data['url']; if ( ! empty( $_wp_default_headers ) ) { foreach ( (array) $_wp_default_headers as $default_header ) { $url = vsprintf( $default_header['url'], $directory_args ); if ( $data['url'] === $url ) { $data = $default_header; $data['url'] = $url; $data['thumbnail_url'] = vsprintf( $data['thumbnail_url'], $directory_args ); break; } } } } } $default = array( 'url' => '', 'thumbnail_url' => '', 'width' => get_theme_support( 'custom-header', 'width' ), 'height' => get_theme_support( 'custom-header', 'height' ), 'video' => get_theme_support( 'custom-header', 'video' ), ); return (object) wp_parse_args( $data, $default ); } /** * Registers a selection of default headers to be displayed by the custom header admin UI. * * @since 3.0.0 * * @global array $_wp_default_headers * * @param array $headers Array of headers keyed by a string ID. The IDs point to arrays * containing 'url', 'thumbnail_url', and 'description' keys. */ function register_default_headers( $headers ) { global $_wp_default_headers; $_wp_default_headers = array_merge( (array) $_wp_default_headers, (array) $headers ); } /** * Unregisters default headers. * * This function must be called after register_default_headers() has already added the * header you want to remove. * * @see register_default_headers() * @since 3.0.0 * * @global array $_wp_default_headers * * @param string|array $header The header string id (key of array) to remove, or an array thereof. * @return bool|void A single header returns true on success, false on failure. * There is currently no return value for multiple headers. */ function unregister_default_headers( $header ) { global $_wp_default_headers; if ( is_array( $header ) ) { array_map( 'unregister_default_headers', $header ); } elseif ( isset( $_wp_default_headers[ $header ] ) ) { unset( $_wp_default_headers[ $header ] ); return true; } else { return false; } } /** * Checks whether a header video is set or not. * * @since 4.7.0 * * @see get_header_video_url() * * @return bool Whether a header video is set or not. */ function has_header_video() { return (bool) get_header_video_url(); } /** * Retrieves header video URL for custom header. * * Uses a local video if present, or falls back to an external video. * * @since 4.7.0 * * @return string|false Header video URL or false if there is no video. */ function get_header_video_url() { $id = absint( get_theme_mod( 'header_video' ) ); if ( $id ) { // Get the file URL from the attachment ID. $url = wp_get_attachment_url( $id ); } else { $url = get_theme_mod( 'external_header_video' ); } /** * Filters the header video URL. * * @since 4.7.3 * * @param string $url Header video URL, if available. */ $url = apply_filters( 'get_header_video_url', $url ); if ( ! $id && ! $url ) { return false; } return sanitize_url( set_url_scheme( $url ) ); } /** * Displays header video URL. * * @since 4.7.0 */ function the_header_video_url() { $video = get_header_video_url(); if ( $video ) { echo esc_url( $video ); } } /** * Retrieves header video settings. * * @since 4.7.0 * * @return array */ function get_header_video_settings() { $header = get_custom_header(); $video_url = get_header_video_url(); $video_type = wp_check_filetype( $video_url, wp_get_mime_types() ); $settings = array( 'mimeType' => '', 'posterUrl' => get_header_image(), 'videoUrl' => $video_url, 'width' => absint( $header->width ), 'height' => absint( $header->height ), 'minWidth' => 900, 'minHeight' => 500, 'l10n' => array( 'pause' => __( 'Pause' ), 'play' => __( 'Play' ), 'pauseSpeak' => __( 'Video is paused.' ), 'playSpeak' => __( 'Video is playing.' ), ), ); if ( preg_match( '#^https?://(?:www\.)?(?:youtube\.com/watch|youtu\.be/)#', $video_url ) ) { $settings['mimeType'] = 'video/x-youtube'; } elseif ( ! empty( $video_type['type'] ) ) { $settings['mimeType'] = $video_type['type']; } /** * Filters header video settings. * * @since 4.7.0 * * @param array $settings An array of header video settings. */ return apply_filters( 'header_video_settings', $settings ); } /** * Checks whether a custom header is set or not. * * @since 4.7.0 * * @return bool True if a custom header is set. False if not. */ function has_custom_header() { if ( has_header_image() || ( has_header_video() && is_header_video_active() ) ) { return true; } return false; } /** * Checks whether the custom header video is eligible to show on the current page. * * @since 4.7.0 * * @return bool True if the custom header video should be shown. False if not. */ function is_header_video_active() { if ( ! get_theme_support( 'custom-header', 'video' ) ) { return false; } $video_active_cb = get_theme_support( 'custom-header', 'video-active-callback' ); if ( empty( $video_active_cb ) || ! is_callable( $video_active_cb ) ) { $show_video = true; } else { $show_video = call_user_func( $video_active_cb ); } /** * Filters whether the custom header video is eligible to show on the current page. * * @since 4.7.0 * * @param bool $show_video Whether the custom header video should be shown. Returns the value * of the theme setting for the `custom-header`'s `video-active-callback`. * If no callback is set, the default value is that of `is_front_page()`. */ return apply_filters( 'is_header_video_active', $show_video ); } /** * Retrieves the markup for a custom header. * * The container div will always be returned in the Customizer preview. * * @since 4.7.0 * * @return string The markup for a custom header on success. */ function get_custom_header_markup() { if ( ! has_custom_header() && ! is_customize_preview() ) { return ''; } return sprintf( '<div id="wp-custom-header" class="wp-custom-header">%s</div>', get_header_image_tag() ); } /** * Prints the markup for a custom header. * * A container div will always be printed in the Customizer preview. * * @since 4.7.0 */ function the_custom_header_markup() { $custom_header = get_custom_header_markup(); if ( empty( $custom_header ) ) { return; } echo $custom_header; if ( is_header_video_active() && ( has_header_video() || is_customize_preview() ) ) { wp_enqueue_script( 'wp-custom-header' ); wp_localize_script( 'wp-custom-header', '_wpCustomHeaderSettings', get_header_video_settings() ); } } /** * Retrieves background image for custom background. * * @since 3.0.0 * * @return string */ function get_background_image() { return get_theme_mod( 'background_image', get_theme_support( 'custom-background', 'default-image' ) ); } /** * Displays background image path. * * @since 3.0.0 */ function background_image() { echo get_background_image(); } /** * Retrieves value for custom background color. * * @since 3.0.0 * * @return string */ function get_background_color() { return get_theme_mod( 'background_color', get_theme_support( 'custom-background', 'default-color' ) ); } /** * Displays background color value. * * @since 3.0.0 */ function background_color() { echo get_background_color(); } /** * Default custom background callback. * * @since 3.0.0 */ function _custom_background_cb() { // $background is the saved custom image, or the default image. $background = set_url_scheme( get_background_image() ); /* * $color is the saved custom color. * A default has to be specified in style.css. It will not be printed here. */ $color = get_background_color(); if ( get_theme_support( 'custom-background', 'default-color' ) === $color ) { $color = false; } $type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"'; if ( ! $background && ! $color ) { if ( is_customize_preview() ) { printf( '<style%s id="custom-background-css"></style>', $type_attr ); } return; } $style = $color ? 'background-color: ' . maybe_hash_hex_color( $color ) . ';' : ''; if ( $background ) { $image = ' background-image: url("' . sanitize_url( $background ) . '");'; // Background Position. $position_x = get_theme_mod( 'background_position_x', get_theme_support( 'custom-background', 'default-position-x' ) ); $position_y = get_theme_mod( 'background_position_y', get_theme_support( 'custom-background', 'default-position-y' ) ); if ( ! in_array( $position_x, array( 'left', 'center', 'right' ), true ) ) { $position_x = 'left'; } if ( ! in_array( $position_y, array( 'top', 'center', 'bottom' ), true ) ) { $position_y = 'top'; } $position = " background-position: $position_x $position_y;"; // Background Size. $size = get_theme_mod( 'background_size', get_theme_support( 'custom-background', 'default-size' ) ); if ( ! in_array( $size, array( 'auto', 'contain', 'cover' ), true ) ) { $size = 'auto'; } $size = " background-size: $size;"; // Background Repeat. $repeat = get_theme_mod( 'background_repeat', get_theme_support( 'custom-background', 'default-repeat' ) ); if ( ! in_array( $repeat, array( 'repeat-x', 'repeat-y', 'repeat', 'no-repeat' ), true ) ) { $repeat = 'repeat'; } $repeat = " background-repeat: $repeat;"; // Background Scroll. $attachment = get_theme_mod( 'background_attachment', get_theme_support( 'custom-background', 'default-attachment' ) ); if ( 'fixed' !== $attachment ) { $attachment = 'scroll'; } $attachment = " background-attachment: $attachment;"; $style .= $image . $position . $size . $repeat . $attachment; } ?> <style<?php echo $type_attr; ?> id="custom-background-css"> body.custom-background { <?php echo trim( $style ); ?> } </style> <?php } /** * Renders the Custom CSS style element. * * @since 4.7.0 */ function wp_custom_css_cb() { $styles = wp_get_custom_css(); if ( $styles || is_customize_preview() ) : $type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"'; ?> <style<?php echo $type_attr; ?> id="wp-custom-css"> <?php // Note that esc_html() cannot be used because `div > span` is not interpreted properly. echo strip_tags( $styles ); ?> </style> <?php endif; } /** * Fetches the `custom_css` post for a given theme. * * @since 4.7.0 * * @param string $stylesheet Optional. A theme object stylesheet name. Defaults to the active theme. * @return WP_Post|null The custom_css post or null if none exists. */ function wp_get_custom_css_post( $stylesheet = '' ) { if ( empty( $stylesheet ) ) { $stylesheet = get_stylesheet(); } $custom_css_query_vars = array( 'post_type' => 'custom_css', 'post_status' => get_post_stati(), 'name' => sanitize_title( $stylesheet ), 'posts_per_page' => 1, 'no_found_rows' => true, 'cache_results' => true, 'update_post_meta_cache' => false, 'update_post_term_cache' => false, 'lazy_load_term_meta' => false, ); $post = null; if ( get_stylesheet() === $stylesheet ) { $post_id = get_theme_mod( 'custom_css_post_id' ); if ( $post_id > 0 && get_post( $post_id ) ) { $post = get_post( $post_id ); } // `-1` indicates no post exists; no query necessary. if ( ! $post && -1 !== $post_id ) { $query = new WP_Query( $custom_css_query_vars ); $post = $query->post; /* * Cache the lookup. See wp_update_custom_css_post(). * @todo This should get cleared if a custom_css post is added/removed. */ set_theme_mod( 'custom_css_post_id', $post ? $post->ID : -1 ); } } else { $query = new WP_Query( $custom_css_query_vars ); $post = $query->post; } return $post; } /** * Fetches the saved Custom CSS content for rendering. * * @since 4.7.0 * * @param string $stylesheet Optional. A theme object stylesheet name. Defaults to the active theme. * @return string The Custom CSS Post content. */ function wp_get_custom_css( $stylesheet = '' ) { $css = ''; if ( empty( $stylesheet ) ) { $stylesheet = get_stylesheet(); } $post = wp_get_custom_css_post( $stylesheet ); if ( $post ) { $css = $post->post_content; } /** * Filters the custom CSS output into the head element. * * @since 4.7.0 * * @param string $css CSS pulled in from the Custom CSS post type. * @param string $stylesheet The theme stylesheet name. */ $css = apply_filters( 'wp_get_custom_css', $css, $stylesheet ); return $css; } /** * Updates the `custom_css` post for a given theme. * * Inserts a `custom_css` post when one doesn't yet exist. * * @since 4.7.0 * * @param string $css CSS, stored in `post_content`. * @param array $args { * Args. * * @type string $preprocessed Optional. Pre-processed CSS, stored in `post_content_filtered`. * Normally empty string. * @type string $stylesheet Optional. Stylesheet (child theme) to update. * Defaults to active theme/stylesheet. * } * @return WP_Post|WP_Error Post on success, error on failure. */ function wp_update_custom_css_post( $css, $args = array() ) { $args = wp_parse_args( $args, array( 'preprocessed' => '', 'stylesheet' => get_stylesheet(), ) ); $data = array( 'css' => $css, 'preprocessed' => $args['preprocessed'], ); /** * Filters the `css` (`post_content`) and `preprocessed` (`post_content_filtered`) args * for a `custom_css` post being updated. * * This filter can be used by plugin that offer CSS pre-processors, to store the original * pre-processed CSS in `post_content_filtered` and then store processed CSS in `post_content`. * When used in this way, the `post_content_filtered` should be supplied as the setting value * instead of `post_content` via a the `customize_value_custom_css` filter, for example: * * <code> * add_filter( 'customize_value_custom_css', function( $value, $setting ) { * $post = wp_get_custom_css_post( $setting->stylesheet ); * if ( $post && ! empty( $post->post_content_filtered ) ) { * $css = $post->post_content_filtered; * } * return $css; * }, 10, 2 ); * </code> * * @since 4.7.0 * @param array $data { * Custom CSS data. * * @type string $css CSS stored in `post_content`. * @type string $preprocessed Pre-processed CSS stored in `post_content_filtered`. * Normally empty string. * } * @param array $args { * The args passed into `wp_update_custom_css_post()` merged with defaults. * * @type string $css The original CSS passed in to be updated. * @type string $preprocessed The original preprocessed CSS passed in to be updated. * @type string $stylesheet The stylesheet (theme) being updated. * } */ $data = apply_filters( 'update_custom_css_data', $data, array_merge( $args, compact( 'css' ) ) ); $post_data = array( 'post_title' => $args['stylesheet'], 'post_name' => sanitize_title( $args['stylesheet'] ), 'post_type' => 'custom_css', 'post_status' => 'publish', 'post_content' => $data['css'], 'post_content_filtered' => $data['preprocessed'], ); // Update post if it already exists, otherwise create a new one. $post = wp_get_custom_css_post( $args['stylesheet'] ); if ( $post ) { $post_data['ID'] = $post->ID; $r = wp_update_post( wp_slash( $post_data ), true ); } else { $r = wp_insert_post( wp_slash( $post_data ), true ); if ( ! is_wp_error( $r ) ) { if ( get_stylesheet() === $args['stylesheet'] ) { set_theme_mod( 'custom_css_post_id', $r ); } // Trigger creation of a revision. This should be removed once #30854 is resolved. $revisions = wp_get_latest_revision_id_and_total_count( $r ); if ( ! is_wp_error( $revisions ) && 0 === $revisions['count'] ) { wp_save_post_revision( $r ); } } } if ( is_wp_error( $r ) ) { return $r; } return get_post( $r ); } /** * Adds callback for custom TinyMCE editor stylesheets. * * The parameter $stylesheet is the name of the stylesheet, relative to * the theme root. It also accepts an array of stylesheets. * It is optional and defaults to 'editor-style.css'. * * This function automatically adds another stylesheet with -rtl prefix, e.g. editor-style-rtl.css. * If that file doesn't exist, it is removed before adding the stylesheet(s) to TinyMCE. * If an array of stylesheets is passed to add_editor_style(), * RTL is only added for the first stylesheet. * * Since version 3.4 the TinyMCE body has .rtl CSS class. * It is a better option to use that class and add any RTL styles to the main stylesheet. * * @since 3.0.0 * * @global array $editor_styles * * @param array|string $stylesheet Optional. Stylesheet name or array thereof, relative to theme root. * Defaults to 'editor-style.css' */ function add_editor_style( $stylesheet = 'editor-style.css' ) { global $editor_styles; add_theme_support( 'editor-style' ); $editor_styles = (array) $editor_styles; $stylesheet = (array) $stylesheet; if ( is_rtl() ) { $rtl_stylesheet = str_replace( '.css', '-rtl.css', $stylesheet[0] ); $stylesheet[] = $rtl_stylesheet; } $editor_styles = array_merge( $editor_styles, $stylesheet ); } /** * Removes all visual editor stylesheets. * * @since 3.1.0 * * @global array $editor_styles * * @return bool True on success, false if there were no stylesheets to remove. */ function remove_editor_styles() { if ( ! current_theme_supports( 'editor-style' ) ) { return false; } _remove_theme_support( 'editor-style' ); if ( is_admin() ) { $GLOBALS['editor_styles'] = array(); } return true; } /** * Retrieves any registered editor stylesheet URLs. * * @since 4.0.0 * * @global array $editor_styles Registered editor stylesheets * * @return string[] If registered, a list of editor stylesheet URLs. */ function get_editor_stylesheets() { $stylesheets = array(); // Load editor_style.css if the active theme supports it. if ( ! empty( $GLOBALS['editor_styles'] ) && is_array( $GLOBALS['editor_styles'] ) ) { $editor_styles = $GLOBALS['editor_styles']; $editor_styles = array_unique( array_filter( $editor_styles ) ); $style_uri = get_stylesheet_directory_uri(); $style_dir = get_stylesheet_directory(); // Support externally referenced styles (like, say, fonts). foreach ( $editor_styles as $key => $file ) { if ( preg_match( '~^(https?:)?//~', $file ) ) { $stylesheets[] = sanitize_url( $file ); unset( $editor_styles[ $key ] ); } } // Look in a parent theme first, that way child theme CSS overrides. if ( is_child_theme() ) { $template_uri = get_template_directory_uri(); $template_dir = get_template_directory(); foreach ( $editor_styles as $key => $file ) { if ( $file && file_exists( "$template_dir/$file" ) ) { $stylesheets[] = "$template_uri/$file"; } } } foreach ( $editor_styles as $file ) { if ( $file && file_exists( "$style_dir/$file" ) ) { $stylesheets[] = "$style_uri/$file"; } } } /** * Filters the array of URLs of stylesheets applied to the editor. * * @since 4.3.0 * * @param string[] $stylesheets Array of URLs of stylesheets to be applied to the editor. */ return apply_filters( 'editor_stylesheets', $stylesheets ); } /** * Expands a theme's starter content configuration using core-provided data. * * @since 4.7.0 * * @return array Array of starter content. */ function get_theme_starter_content() { $theme_support = get_theme_support( 'starter-content' ); if ( is_array( $theme_support ) && ! empty( $theme_support[0] ) && is_array( $theme_support[0] ) ) { $config = $theme_support[0]; } else { $config = array(); } $core_content = array( 'widgets' => array( 'text_business_info' => array( 'text', array( 'title' => _x( 'Find Us', 'Theme starter content' ), 'text' => implode( '', array( '<strong>' . _x( 'Address', 'Theme starter content' ) . "</strong>\n", _x( '123 Main Street', 'Theme starter content' ) . "\n", _x( 'New York, NY 10001', 'Theme starter content' ) . "\n\n", '<strong>' . _x( 'Hours', 'Theme starter content' ) . "</strong>\n", _x( 'Monday–Friday: 9:00AM–5:00PM', 'Theme starter content' ) . "\n", _x( 'Saturday & Sunday: 11:00AM–3:00PM', 'Theme starter content' ), ) ), 'filter' => true, 'visual' => true, ), ), 'text_about' => array( 'text', array( 'title' => _x( 'About This Site', 'Theme starter content' ), 'text' => _x( 'This may be a good place to introduce yourself and your site or include some credits.', 'Theme starter content' ), 'filter' => true, 'visual' => true, ), ), 'archives' => array( 'archives', array( 'title' => _x( 'Archives', 'Theme starter content' ), ), ), 'calendar' => array( 'calendar', array( 'title' => _x( 'Calendar', 'Theme starter content' ), ), ), 'categories' => array( 'categories', array( 'title' => _x( 'Categories', 'Theme starter content' ), ), ), 'meta' => array( 'meta', array( 'title' => _x( 'Meta', 'Theme starter content' ), ), ), 'recent-comments' => array( 'recent-comments', array( 'title' => _x( 'Recent Comments', 'Theme starter content' ), ), ), 'recent-posts' => array( 'recent-posts', array( 'title' => _x( 'Recent Posts', 'Theme starter content' ), ), ), 'search' => array( 'search', array( 'title' => _x( 'Search', 'Theme starter content' ), ), ), ), 'nav_menus' => array( 'link_home' => array( 'type' => 'custom', 'title' => _x( 'Home', 'Theme starter content' ), 'url' => home_url( '/' ), ), 'page_home' => array( // Deprecated in favor of 'link_home'. 'type' => 'post_type', 'object' => 'page', 'object_id' => '{{home}}', ), 'page_about' => array( 'type' => 'post_type', 'object' => 'page', 'object_id' => '{{about}}', ), 'page_blog' => array( 'type' => 'post_type', 'object' => 'page', 'object_id' => '{{blog}}', ), 'page_news' => array( 'type' => 'post_type', 'object' => 'page', 'object_id' => '{{news}}', ), 'page_contact' => array( 'type' => 'post_type', 'object' => 'page', 'object_id' => '{{contact}}', ), 'link_email' => array( 'title' => _x( 'Email', 'Theme starter content' ), 'url' => 'mailto:wordpress@example.com', ), 'link_facebook' => array( 'title' => _x( 'Facebook', 'Theme starter content' ), 'url' => 'https://www.facebook.com/wordpress', ), 'link_foursquare' => array( 'title' => _x( 'Foursquare', 'Theme starter content' ), 'url' => 'https://foursquare.com/', ), 'link_github' => array( 'title' => _x( 'GitHub', 'Theme starter content' ), 'url' => 'https://github.com/wordpress/', ), 'link_instagram' => array( 'title' => _x( 'Instagram', 'Theme starter content' ), 'url' => 'https://www.instagram.com/explore/tags/wordcamp/', ), 'link_linkedin' => array( 'title' => _x( 'LinkedIn', 'Theme starter content' ), 'url' => 'https://www.linkedin.com/company/1089783', ), 'link_pinterest' => array( 'title' => _x( 'Pinterest', 'Theme starter content' ), 'url' => 'https://www.pinterest.com/', ), 'link_twitter' => array( 'title' => _x( 'Twitter', 'Theme starter content' ), 'url' => 'https://twitter.com/wordpress', ), 'link_yelp' => array( 'title' => _x( 'Yelp', 'Theme starter content' ), 'url' => 'https://www.yelp.com', ), 'link_youtube' => array( 'title' => _x( 'YouTube', 'Theme starter content' ), 'url' => 'https://www.youtube.com/channel/UCdof4Ju7amm1chz1gi1T2ZA', ), ), 'posts' => array( 'home' => array( 'post_type' => 'page', 'post_title' => _x( 'Home', 'Theme starter content' ), 'post_content' => sprintf( "<!-- wp:paragraph -->\n<p>%s</p>\n<!-- /wp:paragraph -->", _x( 'Welcome to your site! This is your homepage, which is what most visitors will see when they come to your site for the first time.', 'Theme starter content' ) ), ), 'about' => array( 'post_type' => 'page', 'post_title' => _x( 'About', 'Theme starter content' ), 'post_content' => sprintf( "<!-- wp:paragraph -->\n<p>%s</p>\n<!-- /wp:paragraph -->", _x( 'You might be an artist who would like to introduce yourself and your work here or maybe you are a business with a mission to describe.', 'Theme starter content' ) ), ), 'contact' => array( 'post_type' => 'page', 'post_title' => _x( 'Contact', 'Theme starter content' ), 'post_content' => sprintf( "<!-- wp:paragraph -->\n<p>%s</p>\n<!-- /wp:paragraph -->", _x( 'This is a page with some basic contact information, such as an address and phone number. You might also try a plugin to add a contact form.', 'Theme starter content' ) ), ), 'blog' => array( 'post_type' => 'page', 'post_title' => _x( 'Blog', 'Theme starter content' ), ), 'news' => array( 'post_type' => 'page', 'post_title' => _x( 'News', 'Theme starter content' ), ), 'homepage-section' => array( 'post_type' => 'page', 'post_title' => _x( 'A homepage section', 'Theme starter content' ), 'post_content' => sprintf( "<!-- wp:paragraph -->\n<p>%s</p>\n<!-- /wp:paragraph -->", _x( 'This is an example of a homepage section. Homepage sections can be any page other than the homepage itself, including the page that shows your latest blog posts.', 'Theme starter content' ) ), ), ), ); $content = array(); foreach ( $config as $type => $args ) { switch ( $type ) { // Use options and theme_mods as-is. case 'options': case 'theme_mods': $content[ $type ] = $config[ $type ]; break; // Widgets are grouped into sidebars. case 'widgets': foreach ( $config[ $type ] as $sidebar_id => $widgets ) { foreach ( $widgets as $id => $widget ) { if ( is_array( $widget ) ) { // Item extends core content. if ( ! empty( $core_content[ $type ][ $id ] ) ) { $widget = array( $core_content[ $type ][ $id ][0], array_merge( $core_content[ $type ][ $id ][1], $widget ), ); } $content[ $type ][ $sidebar_id ][] = $widget; } elseif ( is_string( $widget ) && ! empty( $core_content[ $type ] ) && ! empty( $core_content[ $type ][ $widget ] ) ) { $content[ $type ][ $sidebar_id ][] = $core_content[ $type ][ $widget ]; } } } break; // And nav menu items are grouped into nav menus. case 'nav_menus': foreach ( $config[ $type ] as $nav_menu_location => $nav_menu ) { // Ensure nav menus get a name. if ( empty( $nav_menu['name'] ) ) { $nav_menu['name'] = $nav_menu_location; } $content[ $type ][ $nav_menu_location ]['name'] = $nav_menu['name']; foreach ( $nav_menu['items'] as $id => $nav_menu_item ) { if ( is_array( $nav_menu_item ) ) { // Item extends core content. if ( ! empty( $core_content[ $type ][ $id ] ) ) { $nav_menu_item = array_merge( $core_content[ $type ][ $id ], $nav_menu_item ); } $content[ $type ][ $nav_menu_location ]['items'][] = $nav_menu_item; } elseif ( is_string( $nav_menu_item ) && ! empty( $core_content[ $type ] ) && ! empty( $core_content[ $type ][ $nav_menu_item ] ) ) { $content[ $type ][ $nav_menu_location ]['items'][] = $core_content[ $type ][ $nav_menu_item ]; } } } break; // Attachments are posts but have special treatment. case 'attachments': foreach ( $config[ $type ] as $id => $item ) { if ( ! empty( $item['file'] ) ) { $content[ $type ][ $id ] = $item; } } break; /* * All that's left now are posts (besides attachments). * Not a default case for the sake of clarity and future work. */ case 'posts': foreach ( $config[ $type ] as $id => $item ) { if ( is_array( $item ) ) { // Item extends core content. if ( ! empty( $core_content[ $type ][ $id ] ) ) { $item = array_merge( $core_content[ $type ][ $id ], $item ); } // Enforce a subset of fields. $content[ $type ][ $id ] = wp_array_slice_assoc( $item, array( 'post_type', 'post_title', 'post_excerpt', 'post_name', 'post_content', 'menu_order', 'comment_status', 'thumbnail', 'template', ) ); } elseif ( is_string( $item ) && ! empty( $core_content[ $type ][ $item ] ) ) { $content[ $type ][ $item ] = $core_content[ $type ][ $item ]; } } break; } } /** * Filters the expanded array of starter content. * * @since 4.7.0 * * @param array $content Array of starter content. * @param array $config Array of theme-specific starter content configuration. */ return apply_filters( 'get_theme_starter_content', $content, $config ); } /** * Registers theme support for a given feature. * * Must be called in the theme's functions.php file to work. * If attached to a hook, it must be {@see 'after_setup_theme'}. * The {@see 'init'} hook may be too late for some features. * * Example usage: * * add_theme_support( 'title-tag' ); * add_theme_support( 'custom-logo', array( * 'height' => 480, * 'width' => 720, * ) ); * * @since 2.9.0 * @since 3.4.0 The `custom-header-uploads` feature was deprecated. * @since 3.6.0 The `html5` feature was added. * @since 3.6.1 The `html5` feature requires an array of types to be passed. Defaults to * 'comment-list', 'comment-form', 'search-form' for backward compatibility. * @since 3.9.0 The `html5` feature now also accepts 'gallery' and 'caption'. * @since 4.1.0 The `title-tag` feature was added. * @since 4.5.0 The `customize-selective-refresh-widgets` feature was added. * @since 4.7.0 The `starter-content` feature was added. * @since 5.0.0 The `responsive-embeds`, `align-wide`, `dark-editor-style`, `disable-custom-colors`, * `disable-custom-font-sizes`, `editor-color-palette`, `editor-font-sizes`, * `editor-styles`, and `wp-block-styles` features were added. * @since 5.3.0 The `html5` feature now also accepts 'script' and 'style'. * @since 5.3.0 Formalized the existing and already documented `...$args` parameter * by adding it to the function signature. * @since 5.4.0 The `disable-custom-gradients` feature limits to default gradients or gradients added * through `editor-gradient-presets` theme support. * @since 5.5.0 The `core-block-patterns` feature was added and is enabled by default. * @since 5.5.0 The `custom-logo` feature now also accepts 'unlink-homepage-logo'. * @since 5.6.0 The `post-formats` feature warns if no array is passed as the second parameter. * @since 5.8.0 The `widgets-block-editor` feature enables the Widgets block editor. * @since 5.8.0 The `block-templates` feature indicates whether a theme uses block-based templates. * @since 6.0.0 The `html5` feature warns if no array is passed as the second parameter. * @since 6.1.0 The `block-template-parts` feature allows to edit any reusable template part from site editor. * @since 6.1.0 The `disable-layout-styles` feature disables the default layout styles. * @since 6.3.0 The `link-color` feature allows to enable the link color setting. * @since 6.3.0 The `border` feature allows themes without theme.json to add border styles to blocks. * @since 6.5.0 The `appearance-tools` feature enables a few design tools for blocks, * see `WP_Theme_JSON::APPEARANCE_TOOLS_OPT_INS` for a complete list. * @since 6.6.0 The `editor-spacing-sizes` feature was added. * * @global array $_wp_theme_features * * @param string $feature The feature being added. Likely core values include: * - 'admin-bar' * - 'align-wide' * - 'appearance-tools' * - 'automatic-feed-links' * - 'block-templates' * - 'block-template-parts' * - 'border' * - 'core-block-patterns' * - 'custom-background' * - 'custom-header' * - 'custom-line-height' * - 'custom-logo' * - 'customize-selective-refresh-widgets' * - 'custom-spacing' * - 'custom-units' * - 'dark-editor-style' * - 'disable-custom-colors' * - 'disable-custom-font-sizes' * - 'disable-custom-gradients' * - 'disable-layout-styles' * - 'editor-color-palette' * - 'editor-gradient-presets' * - 'editor-font-sizes' * - 'editor-spacing-sizes' * - 'editor-styles' * - 'featured-content' * - 'html5' * - 'link-color' * - 'menus' * - 'post-formats' * - 'post-thumbnails' * - 'responsive-embeds' * - 'starter-content' * - 'title-tag' * - 'widgets' * - 'widgets-block-editor' * - 'wp-block-styles' * @param mixed ...$args Optional extra arguments to pass along with certain features. * @return void|false Void on success, false on failure. */ function add_theme_support( $feature, ...$args ) { global $_wp_theme_features; if ( ! $args ) { $args = true; } switch ( $feature ) { case 'post-thumbnails': // All post types are already supported. if ( true === get_theme_support( 'post-thumbnails' ) ) { return; } /* * Merge post types with any that already declared their support * for post thumbnails. */ if ( isset( $args[0] ) && is_array( $args[0] ) && isset( $_wp_theme_features['post-thumbnails'] ) ) { $args[0] = array_unique( array_merge( $_wp_theme_features['post-thumbnails'][0], $args[0] ) ); } break; case 'post-formats': if ( isset( $args[0] ) && is_array( $args[0] ) ) { $post_formats = get_post_format_slugs(); unset( $post_formats['standard'] ); $args[0] = array_intersect( $args[0], array_keys( $post_formats ) ); } else { _doing_it_wrong( "add_theme_support( 'post-formats' )", __( 'You need to pass an array of post formats.' ), '5.6.0' ); return false; } break; case 'html5': // You can't just pass 'html5', you need to pass an array of types. if ( empty( $args[0] ) || ! is_array( $args[0] ) ) { _doing_it_wrong( "add_theme_support( 'html5' )", __( 'You need to pass an array of types.' ), '3.6.1' ); if ( ! empty( $args[0] ) && ! is_array( $args[0] ) ) { return false; } // Build an array of types for back-compat. $args = array( 0 => array( 'comment-list', 'comment-form', 'search-form' ) ); } // Calling 'html5' again merges, rather than overwrites. if ( isset( $_wp_theme_features['html5'] ) ) { $args[0] = array_merge( $_wp_theme_features['html5'][0], $args[0] ); } break; case 'custom-logo': if ( true === $args ) { $args = array( 0 => array() ); } $defaults = array( 'width' => null, 'height' => null, 'flex-width' => false, 'flex-height' => false, 'header-text' => '', 'unlink-homepage-logo' => false, ); $args[0] = wp_parse_args( array_intersect_key( $args[0], $defaults ), $defaults ); // Allow full flexibility if no size is specified. if ( is_null( $args[0]['width'] ) && is_null( $args[0]['height'] ) ) { $args[0]['flex-width'] = true; $args[0]['flex-height'] = true; } break; case 'custom-header-uploads': return add_theme_support( 'custom-header', array( 'uploads' => true ) ); case 'custom-header': if ( true === $args ) { $args = array( 0 => array() ); } $defaults = array( 'default-image' => '', 'random-default' => false, 'width' => 0, 'height' => 0, 'flex-height' => false, 'flex-width' => false, 'default-text-color' => '', 'header-text' => true, 'uploads' => true, 'wp-head-callback' => '', 'admin-head-callback' => '', 'admin-preview-callback' => '', 'video' => false, 'video-active-callback' => 'is_front_page', ); $jit = isset( $args[0]['__jit'] ); unset( $args[0]['__jit'] ); /* * Merge in data from previous add_theme_support() calls. * The first value registered wins. (A child theme is set up first.) */ if ( isset( $_wp_theme_features['custom-header'] ) ) { $args[0] = wp_parse_args( $_wp_theme_features['custom-header'][0], $args[0] ); } /* * Load in the defaults at the end, as we need to insure first one wins. * This will cause all constants to be defined, as each arg will then be set to the default. */ if ( $jit ) { $args[0] = wp_parse_args( $args[0], $defaults ); } /* * If a constant was defined, use that value. Otherwise, define the constant to ensure * the constant is always accurate (and is not defined later, overriding our value). * As stated above, the first value wins. * Once we get to wp_loaded (just-in-time), define any constants we haven't already. * Constants should be avoided. Don't reference them. This is just for backward compatibility. */ if ( defined( 'NO_HEADER_TEXT' ) ) { $args[0]['header-text'] = ! NO_HEADER_TEXT; } elseif ( isset( $args[0]['header-text'] ) ) { define( 'NO_HEADER_TEXT', empty( $args[0]['header-text'] ) ); } if ( defined( 'HEADER_IMAGE_WIDTH' ) ) { $args[0]['width'] = (int) HEADER_IMAGE_WIDTH; } elseif ( isset( $args[0]['width'] ) ) { define( 'HEADER_IMAGE_WIDTH', (int) $args[0]['width'] ); } if ( defined( 'HEADER_IMAGE_HEIGHT' ) ) { $args[0]['height'] = (int) HEADER_IMAGE_HEIGHT; } elseif ( isset( $args[0]['height'] ) ) { define( 'HEADER_IMAGE_HEIGHT', (int) $args[0]['height'] ); } if ( defined( 'HEADER_TEXTCOLOR' ) ) { $args[0]['default-text-color'] = HEADER_TEXTCOLOR; } elseif ( isset( $args[0]['default-text-color'] ) ) { define( 'HEADER_TEXTCOLOR', $args[0]['default-text-color'] ); } if ( defined( 'HEADER_IMAGE' ) ) { $args[0]['default-image'] = HEADER_IMAGE; } elseif ( isset( $args[0]['default-image'] ) ) { define( 'HEADER_IMAGE', $args[0]['default-image'] ); } if ( $jit && ! empty( $args[0]['default-image'] ) ) { $args[0]['random-default'] = false; } /* * If headers are supported, and we still don't have a defined width or height, * we have implicit flex sizes. */ if ( $jit ) { if ( empty( $args[0]['width'] ) && empty( $args[0]['flex-width'] ) ) { $args[0]['flex-width'] = true; } if ( empty( $args[0]['height'] ) && empty( $args[0]['flex-height'] ) ) { $args[0]['flex-height'] = true; } } break; case 'custom-background': if ( true === $args ) { $args = array( 0 => array() ); } $defaults = array( 'default-image' => '', 'default-preset' => 'default', 'default-position-x' => 'left', 'default-position-y' => 'top', 'default-size' => 'auto', 'default-repeat' => 'repeat', 'default-attachment' => 'scroll', 'default-color' => '', 'wp-head-callback' => '_custom_background_cb', 'admin-head-callback' => '', 'admin-preview-callback' => '', ); $jit = isset( $args[0]['__jit'] ); unset( $args[0]['__jit'] ); // Merge in data from previous add_theme_support() calls. The first value registered wins. if ( isset( $_wp_theme_features['custom-background'] ) ) { $args[0] = wp_parse_args( $_wp_theme_features['custom-background'][0], $args[0] ); } if ( $jit ) { $args[0] = wp_parse_args( $args[0], $defaults ); } if ( defined( 'BACKGROUND_COLOR' ) ) { $args[0]['default-color'] = BACKGROUND_COLOR; } elseif ( isset( $args[0]['default-color'] ) || $jit ) { define( 'BACKGROUND_COLOR', $args[0]['default-color'] ); } if ( defined( 'BACKGROUND_IMAGE' ) ) { $args[0]['default-image'] = BACKGROUND_IMAGE; } elseif ( isset( $args[0]['default-image'] ) || $jit ) { define( 'BACKGROUND_IMAGE', $args[0]['default-image'] ); } break; // Ensure that 'title-tag' is accessible in the admin. case 'title-tag': // Can be called in functions.php but must happen before wp_loaded, i.e. not in header.php. if ( did_action( 'wp_loaded' ) ) { _doing_it_wrong( "add_theme_support( 'title-tag' )", sprintf( /* translators: 1: title-tag, 2: wp_loaded */ __( 'Theme support for %1$s should be registered before the %2$s hook.' ), '<code>title-tag</code>', '<code>wp_loaded</code>' ), '4.1.0' ); return false; } } $_wp_theme_features[ $feature ] = $args; } /** * Registers the internal custom header and background routines. * * @since 3.4.0 * @access private * * @global Custom_Image_Header $custom_image_header * @global Custom_Background $custom_background */ function _custom_header_background_just_in_time() { global $custom_image_header, $custom_background; if ( current_theme_supports( 'custom-header' ) ) { // In case any constants were defined after an add_custom_image_header() call, re-run. add_theme_support( 'custom-header', array( '__jit' => true ) ); $args = get_theme_support( 'custom-header' ); if ( $args[0]['wp-head-callback'] ) { add_action( 'wp_head', $args[0]['wp-head-callback'] ); } if ( is_admin() ) { require_once ABSPATH . 'wp-admin/includes/class-custom-image-header.php'; $custom_image_header = new Custom_Image_Header( $args[0]['admin-head-callback'], $args[0]['admin-preview-callback'] ); } } if ( current_theme_supports( 'custom-background' ) ) { // In case any constants were defined after an add_custom_background() call, re-run. add_theme_support( 'custom-background', array( '__jit' => true ) ); $args = get_theme_support( 'custom-background' ); add_action( 'wp_head', $args[0]['wp-head-callback'] ); if ( is_admin() ) { require_once ABSPATH . 'wp-admin/includes/class-custom-background.php'; $custom_background = new Custom_Background( $args[0]['admin-head-callback'], $args[0]['admin-preview-callback'] ); } } } /** * Adds CSS to hide header text for custom logo, based on Customizer setting. * * @since 4.5.0 * @access private */ function _custom_logo_header_styles() { if ( ! current_theme_supports( 'custom-header', 'header-text' ) && get_theme_support( 'custom-logo', 'header-text' ) && ! get_theme_mod( 'header_text', true ) ) { $classes = (array) get_theme_support( 'custom-logo', 'header-text' ); $classes = array_map( 'sanitize_html_class', $classes ); $classes = '.' . implode( ', .', $classes ); $type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"'; ?> <!-- Custom Logo: hide header text --> <style id="custom-logo-css"<?php echo $type_attr; ?>> <?php echo $classes; ?> { position: absolute; clip-path: inset(50%); } </style> <?php } } /** * Gets the theme support arguments passed when registering that support. * * Example usage: * * get_theme_support( 'custom-logo' ); * get_theme_support( 'custom-header', 'width' ); * * @since 3.1.0 * @since 5.3.0 Formalized the existing and already documented `...$args` parameter * by adding it to the function signature. * * @global array $_wp_theme_features * * @param string $feature The feature to check. See add_theme_support() for the list * of possible values. * @param mixed ...$args Optional extra arguments to be checked against certain features. * @return mixed The array of extra arguments or the value for the registered feature. */ function get_theme_support( $feature, ...$args ) { global $_wp_theme_features; if ( ! isset( $_wp_theme_features[ $feature ] ) ) { return false; } if ( ! $args ) { return $_wp_theme_features[ $feature ]; } switch ( $feature ) { case 'custom-logo': case 'custom-header': case 'custom-background': if ( isset( $_wp_theme_features[ $feature ][0][ $args[0] ] ) ) { return $_wp_theme_features[ $feature ][0][ $args[0] ]; } return false; default: return $_wp_theme_features[ $feature ]; } } /** * Allows a theme to de-register its support of a certain feature * * Should be called in the theme's functions.php file. Generally would * be used for child themes to override support from the parent theme. * * @since 3.0.0 * * @see add_theme_support() * * @param string $feature The feature being removed. See add_theme_support() for the list * of possible values. * @return bool|void Whether feature was removed. */ function remove_theme_support( $feature ) { // Do not remove internal registrations that are not used directly by themes. if ( in_array( $feature, array( 'editor-style', 'widgets', 'menus' ), true ) ) { return false; } return _remove_theme_support( $feature ); } /** * Do not use. Removes theme support internally without knowledge of those not used * by themes directly. * * @access private * @since 3.1.0 * @global array $_wp_theme_features * @global Custom_Image_Header $custom_image_header * @global Custom_Background $custom_background * * @param string $feature The feature being removed. See add_theme_support() for the list * of possible values. * @return bool True if support was removed, false if the feature was not registered. */ function _remove_theme_support( $feature ) { global $_wp_theme_features; switch ( $feature ) { case 'custom-header-uploads': if ( ! isset( $_wp_theme_features['custom-header'] ) ) { return false; } add_theme_support( 'custom-header', array( 'uploads' => false ) ); return; // Do not continue - custom-header-uploads no longer exists. } if ( ! isset( $_wp_theme_features[ $feature ] ) ) { return false; } switch ( $feature ) { case 'custom-header': if ( ! did_action( 'wp_loaded' ) ) { break; } $support = get_theme_support( 'custom-header' ); if ( isset( $support[0]['wp-head-callback'] ) ) { remove_action( 'wp_head', $support[0]['wp-head-callback'] ); } if ( isset( $GLOBALS['custom_image_header'] ) ) { remove_action( 'admin_menu', array( $GLOBALS['custom_image_header'], 'init' ) ); unset( $GLOBALS['custom_image_header'] ); } break; case 'custom-background': if ( ! did_action( 'wp_loaded' ) ) { break; } $support = get_theme_support( 'custom-background' ); if ( isset( $support[0]['wp-head-callback'] ) ) { remove_action( 'wp_head', $support[0]['wp-head-callback'] ); } remove_action( 'admin_menu', array( $GLOBALS['custom_background'], 'init' ) ); unset( $GLOBALS['custom_background'] ); break; } unset( $_wp_theme_features[ $feature ] ); return true; } /** * Checks a theme's support for a given feature. * * Example usage: * * current_theme_supports( 'custom-logo' ); * current_theme_supports( 'html5', 'comment-form' ); * * @since 2.9.0 * @since 5.3.0 Formalized the existing and already documented `...$args` parameter * by adding it to the function signature. * * @global array $_wp_theme_features * * @param string $feature The feature being checked. See add_theme_support() for the list * of possible values. * @param mixed ...$args Optional extra arguments to be checked against certain features. * @return bool True if the active theme supports the feature, false otherwise. */ function current_theme_supports( $feature, ...$args ) { global $_wp_theme_features; if ( 'custom-header-uploads' === $feature ) { return current_theme_supports( 'custom-header', 'uploads' ); } if ( ! isset( $_wp_theme_features[ $feature ] ) ) { return false; } // If no args passed then no extra checks need to be performed. if ( ! $args ) { /** This filter is documented in wp-includes/theme.php */ return apply_filters( "current_theme_supports-{$feature}", true, $args, $_wp_theme_features[ $feature ] ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores } switch ( $feature ) { case 'post-thumbnails': /* * post-thumbnails can be registered for only certain content/post types * by passing an array of types to add_theme_support(). * If no array was passed, then any type is accepted. */ if ( true === $_wp_theme_features[ $feature ] ) { // Registered for all types. return true; } $content_type = $args[0]; return in_array( $content_type, $_wp_theme_features[ $feature ][0], true ); case 'html5': case 'post-formats': /* * Specific post formats can be registered by passing an array of types * to add_theme_support(). * * Specific areas of HTML5 support *must* be passed via an array to add_theme_support(). */ $type = $args[0]; return in_array( $type, $_wp_theme_features[ $feature ][0], true ); case 'custom-logo': case 'custom-header': case 'custom-background': // Specific capabilities can be registered by passing an array to add_theme_support(). return ( isset( $_wp_theme_features[ $feature ][0][ $args[0] ] ) && $_wp_theme_features[ $feature ][0][ $args[0] ] ); } /** * Filters whether the active theme supports a specific feature. * * The dynamic portion of the hook name, `$feature`, refers to the specific * theme feature. See add_theme_support() for the list of possible values. * * @since 3.4.0 * * @param bool $supports Whether the active theme supports the given feature. Default true. * @param array $args Array of arguments for the feature. * @param string $feature The theme feature. */ return apply_filters( "current_theme_supports-{$feature}", true, $args, $_wp_theme_features[ $feature ] ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores } /** * Checks a theme's support for a given feature before loading the functions which implement it. * * @since 2.9.0 * * @param string $feature The feature being checked. See add_theme_support() for the list * of possible values. * @param string $file Path to the file. * @return bool True if the active theme supports the supplied feature, false otherwise. */ function require_if_theme_supports( $feature, $file ) { if ( current_theme_supports( $feature ) ) { require $file; return true; } return false; } /** * Registers a theme feature for use in add_theme_support(). * * This does not indicate that the active theme supports the feature, it only describes * the feature's supported options. * * @since 5.5.0 * * @see add_theme_support() * * @global array $_wp_registered_theme_features * * @param string $feature The name uniquely identifying the feature. See add_theme_support() * for the list of possible values. * @param array $args { * Data used to describe the theme. * * @type string $type The type of data associated with this feature. * Valid values are 'string', 'boolean', 'integer', * 'number', 'array', and 'object'. Defaults to 'boolean'. * @type bool $variadic Does this feature utilize the variadic support * of add_theme_support(), or are all arguments specified * as the second parameter. Must be used with the "array" type. * @type string $description A short description of the feature. Included in * the Themes REST API schema. Intended for developers. * @type bool|array $show_in_rest { * Whether this feature should be included in the Themes REST API endpoint. * Defaults to not being included. When registering an 'array' or 'object' type, * this argument must be an array with the 'schema' key. * * @type array $schema Specifies the JSON Schema definition describing * the feature. If any objects in the schema do not include * the 'additionalProperties' keyword, it is set to false. * @type string $name An alternate name to be used as the property name * in the REST API. * @type callable $prepare_callback A function used to format the theme support in the REST API. * Receives the raw theme support value. * } * } * @return true|WP_Error True if the theme feature was successfully registered, a WP_Error object if not. */ function register_theme_feature( $feature, $args = array() ) { global $_wp_registered_theme_features; if ( ! is_array( $_wp_registered_theme_features ) ) { $_wp_registered_theme_features = array(); } $defaults = array( 'type' => 'boolean', 'variadic' => false, 'description' => '', 'show_in_rest' => false, ); $args = wp_parse_args( $args, $defaults ); if ( true === $args['show_in_rest'] ) { $args['show_in_rest'] = array(); } if ( is_array( $args['show_in_rest'] ) ) { $args['show_in_rest'] = wp_parse_args( $args['show_in_rest'], array( 'schema' => array(), 'name' => $feature, 'prepare_callback' => null, ) ); } if ( ! in_array( $args['type'], array( 'string', 'boolean', 'integer', 'number', 'array', 'object' ), true ) ) { return new WP_Error( 'invalid_type', __( 'The feature "type" is not valid JSON Schema type.' ) ); } if ( true === $args['variadic'] && 'array' !== $args['type'] ) { return new WP_Error( 'variadic_must_be_array', __( 'When registering a "variadic" theme feature, the "type" must be an "array".' ) ); } if ( false !== $args['show_in_rest'] && in_array( $args['type'], array( 'array', 'object' ), true ) ) { if ( ! is_array( $args['show_in_rest'] ) || empty( $args['show_in_rest']['schema'] ) ) { return new WP_Error( 'missing_schema', __( 'When registering an "array" or "object" feature to show in the REST API, the feature\'s schema must also be defined.' ) ); } if ( 'array' === $args['type'] && ! isset( $args['show_in_rest']['schema']['items'] ) ) { return new WP_Error( 'missing_schema_items', __( 'When registering an "array" feature, the feature\'s schema must include the "items" keyword.' ) ); } if ( 'object' === $args['type'] && ! isset( $args['show_in_rest']['schema']['properties'] ) ) { return new WP_Error( 'missing_schema_properties', __( 'When registering an "object" feature, the feature\'s schema must include the "properties" keyword.' ) ); } } if ( is_array( $args['show_in_rest'] ) ) { if ( isset( $args['show_in_rest']['prepare_callback'] ) && ! is_callable( $args['show_in_rest']['prepare_callback'] ) ) { return new WP_Error( 'invalid_rest_prepare_callback', sprintf( /* translators: %s: prepare_callback */ __( 'The "%s" must be a callable function.' ), 'prepare_callback' ) ); } $args['show_in_rest']['schema'] = wp_parse_args( $args['show_in_rest']['schema'], array( 'description' => $args['description'], 'type' => $args['type'], 'default' => false, ) ); if ( is_bool( $args['show_in_rest']['schema']['default'] ) && ! in_array( 'boolean', (array) $args['show_in_rest']['schema']['type'], true ) ) { // Automatically include the "boolean" type when the default value is a boolean. $args['show_in_rest']['schema']['type'] = (array) $args['show_in_rest']['schema']['type']; array_unshift( $args['show_in_rest']['schema']['type'], 'boolean' ); } $args['show_in_rest']['schema'] = rest_default_additional_properties_to_false( $args['show_in_rest']['schema'] ); } $_wp_registered_theme_features[ $feature ] = $args; return true; } /** * Gets the list of registered theme features. * * @since 5.5.0 * * @global array $_wp_registered_theme_features * * @return array[] List of theme features, keyed by their name. */ function get_registered_theme_features() { global $_wp_registered_theme_features; if ( ! is_array( $_wp_registered_theme_features ) ) { return array(); } return $_wp_registered_theme_features; } /** * Gets the registration config for a theme feature. * * @since 5.5.0 * * @global array $_wp_registered_theme_features * * @param string $feature The feature name. See add_theme_support() for the list * of possible values. * @return array|null The registration args, or null if the feature was not registered. */ function get_registered_theme_feature( $feature ) { global $_wp_registered_theme_features; if ( ! is_array( $_wp_registered_theme_features ) ) { return null; } return isset( $_wp_registered_theme_features[ $feature ] ) ? $_wp_registered_theme_features[ $feature ] : null; } /** * Checks an attachment being deleted to see if it's a header or background image. * * If true it removes the theme modification which would be pointing at the deleted * attachment. * * @access private * @since 3.0.0 * @since 4.3.0 Also removes `header_image_data`. * @since 4.5.0 Also removes custom logo theme mods. * @since 6.6.0 Also removes `site_logo` option set by the site logo block. * * @param int $id The attachment ID. */ function _delete_attachment_theme_mod( $id ) { $attachment_image = wp_get_attachment_url( $id ); $header_image = get_header_image(); $background_image = get_background_image(); $custom_logo_id = (int) get_theme_mod( 'custom_logo' ); $site_logo_id = (int) get_option( 'site_logo' ); if ( $custom_logo_id && $custom_logo_id === $id ) { remove_theme_mod( 'custom_logo' ); remove_theme_mod( 'header_text' ); } if ( $site_logo_id && $site_logo_id === $id ) { delete_option( 'site_logo' ); } if ( $header_image && $header_image === $attachment_image ) { remove_theme_mod( 'header_image' ); remove_theme_mod( 'header_image_data' ); } if ( $background_image && $background_image === $attachment_image ) { remove_theme_mod( 'background_image' ); } } /** * Checks if a theme has been changed and runs 'after_switch_theme' hook on the next WP load. * * See {@see 'after_switch_theme'}. * * @since 3.3.0 */ function check_theme_switched() { $stylesheet = get_option( 'theme_switched' ); if ( $stylesheet ) { $old_theme = wp_get_theme( $stylesheet ); // Prevent widget & menu mapping from running since Customizer already called it up front. if ( get_option( 'theme_switched_via_customizer' ) ) { remove_action( 'after_switch_theme', '_wp_menus_changed' ); remove_action( 'after_switch_theme', '_wp_sidebars_changed' ); update_option( 'theme_switched_via_customizer', false ); } if ( $old_theme->exists() ) { /** * Fires on the next WP load after the theme has been switched. * * The parameters differ according to whether the old theme exists or not. * If the old theme is missing, the old name will instead be the slug * of the old theme. * * See {@see 'switch_theme'}. * * @since 3.3.0 * * @param string $old_name Old theme name. * @param WP_Theme $old_theme WP_Theme instance of the old theme. */ do_action( 'after_switch_theme', $old_theme->get( 'Name' ), $old_theme ); } else { /** This action is documented in wp-includes/theme.php */ do_action( 'after_switch_theme', $stylesheet, $old_theme ); } flush_rewrite_rules(); update_option( 'theme_switched', false ); } } /** * Includes and instantiates the WP_Customize_Manager class. * * Loads the Customizer at plugins_loaded when accessing the customize.php admin * page or when any request includes a wp_customize=on param or a customize_changeset * param (a UUID). This param is a signal for whether to bootstrap the Customizer when * WordPress is loading, especially in the Customizer preview * or when making Customizer Ajax requests for widgets or menus. * * @since 3.4.0 * * @global WP_Customize_Manager $wp_customize */ function _wp_customize_include() { $is_customize_admin_page = ( is_admin() && 'customize.php' === basename( $_SERVER['PHP_SELF'] ) ); $should_include = ( $is_customize_admin_page || ( isset( $_REQUEST['wp_customize'] ) && 'on' === $_REQUEST['wp_customize'] ) || ( ! empty( $_GET['customize_changeset_uuid'] ) || ! empty( $_POST['customize_changeset_uuid'] ) ) ); if ( ! $should_include ) { return; } /* * Note that wp_unslash() is not being used on the input vars because it is * called before wp_magic_quotes() gets called. Besides this fact, none of * the values should contain any characters needing slashes anyway. */ $keys = array( 'changeset_uuid', 'customize_changeset_uuid', 'customize_theme', 'theme', 'customize_messenger_channel', 'customize_autosaved', ); $input_vars = array_merge( wp_array_slice_assoc( $_GET, $keys ), wp_array_slice_assoc( $_POST, $keys ) ); $theme = null; $autosaved = null; $messenger_channel = null; /* * Value false indicates UUID should be determined after_setup_theme * to either re-use existing saved changeset or else generate a new UUID if none exists. */ $changeset_uuid = false; /* * Set initially to false since defaults to true for back-compat; * can be overridden via the customize_changeset_branching filter. */ $branching = false; if ( $is_customize_admin_page && isset( $input_vars['changeset_uuid'] ) ) { $changeset_uuid = sanitize_key( $input_vars['changeset_uuid'] ); } elseif ( ! empty( $input_vars['customize_changeset_uuid'] ) ) { $changeset_uuid = sanitize_key( $input_vars['customize_changeset_uuid'] ); } // Note that theme will be sanitized via WP_Theme. if ( $is_customize_admin_page && isset( $input_vars['theme'] ) ) { $theme = $input_vars['theme']; } elseif ( isset( $input_vars['customize_theme'] ) ) { $theme = $input_vars['customize_theme']; } if ( ! empty( $input_vars['customize_autosaved'] ) ) { $autosaved = true; } if ( isset( $input_vars['customize_messenger_channel'] ) ) { $messenger_channel = sanitize_key( $input_vars['customize_messenger_channel'] ); } /* * Note that settings must be previewed even outside the customizer preview * and also in the customizer pane itself. This is to enable loading an existing * changeset into the customizer. Previewing the settings only has to be prevented * here in the case of a customize_save action because this will cause WP to think * there is nothing changed that needs to be saved. */ $is_customize_save_action = ( wp_doing_ajax() && isset( $_REQUEST['action'] ) && 'customize_save' === wp_unslash( $_REQUEST['action'] ) ); $settings_previewed = ! $is_customize_save_action; require_once ABSPATH . WPINC . '/class-wp-customize-manager.php'; $GLOBALS['wp_customize'] = new WP_Customize_Manager( compact( 'changeset_uuid', 'theme', 'messenger_channel', 'settings_previewed', 'autosaved', 'branching' ) ); } /** * Publishes a snapshot's changes. * * @since 4.7.0 * @access private * * @global WP_Customize_Manager $wp_customize Customizer instance. * * @param string $new_status New post status. * @param string $old_status Old post status. * @param WP_Post $changeset_post Changeset post object. */ function _wp_customize_publish_changeset( $new_status, $old_status, $changeset_post ) { global $wp_customize; $is_publishing_changeset = ( 'customize_changeset' === $changeset_post->post_type && 'publish' === $new_status && 'publish' !== $old_status ); if ( ! $is_publishing_changeset ) { return; } if ( empty( $wp_customize ) ) { require_once ABSPATH . WPINC . '/class-wp-customize-manager.php'; $wp_customize = new WP_Customize_Manager( array( 'changeset_uuid' => $changeset_post->post_name, 'settings_previewed' => false, ) ); } if ( ! did_action( 'customize_register' ) ) { /* * When running from CLI or Cron, the customize_register action will need * to be triggered in order for core, themes, and plugins to register their * settings. Normally core will add_action( 'customize_register' ) at * priority 10 to register the core settings, and if any themes/plugins * also add_action( 'customize_register' ) at the same priority, they * will have a $wp_customize with those settings registered since they * call add_action() afterward, normally. However, when manually doing * the customize_register action after the setup_theme, then the order * will be reversed for two actions added at priority 10, resulting in * the core settings no longer being available as expected to themes/plugins. * So the following manually calls the method that registers the core * settings up front before doing the action. */ remove_action( 'customize_register', array( $wp_customize, 'register_controls' ) ); $wp_customize->register_controls(); /** This filter is documented in wp-includes/class-wp-customize-manager.php */ do_action( 'customize_register', $wp_customize ); } $wp_customize->_publish_changeset_values( $changeset_post->ID ); /* * Trash the changeset post if revisions are not enabled. Unpublished * changesets by default get garbage collected due to the auto-draft status. * When a changeset post is published, however, it would no longer get cleaned * out. This is a problem when the changeset posts are never displayed anywhere, * since they would just be endlessly piling up. So here we use the revisions * feature to indicate whether or not a published changeset should get trashed * and thus garbage collected. */ if ( ! wp_revisions_enabled( $changeset_post ) ) { $wp_customize->trash_changeset_post( $changeset_post->ID ); } } /** * Filters changeset post data upon insert to ensure post_name is intact. * * This is needed to prevent the post_name from being dropped when the post is * transitioned into pending status by a contributor. * * @since 4.7.0 * * @see wp_insert_post() * * @param array $post_data An array of slashed post data. * @param array $supplied_post_data An array of sanitized, but otherwise unmodified post data. * @return array Filtered data. */ function _wp_customize_changeset_filter_insert_post_data( $post_data, $supplied_post_data ) { if ( isset( $post_data['post_type'] ) && 'customize_changeset' === $post_data['post_type'] ) { // Prevent post_name from being dropped, such as when contributor saves a changeset post as pending. if ( empty( $post_data['post_name'] ) && ! empty( $supplied_post_data['post_name'] ) ) { $post_data['post_name'] = $supplied_post_data['post_name']; } } return $post_data; } /** * Adds settings for the customize-loader script. * * @since 3.4.0 */ function _wp_customize_loader_settings() { $admin_origin = parse_url( admin_url() ); $home_origin = parse_url( home_url() ); $cross_domain = ( strtolower( $admin_origin['host'] ) !== strtolower( $home_origin['host'] ) ); $browser = array( 'mobile' => wp_is_mobile(), 'ios' => wp_is_mobile() && preg_match( '/iPad|iPod|iPhone/', $_SERVER['HTTP_USER_AGENT'] ), ); $settings = array( 'url' => esc_url( admin_url( 'customize.php' ) ), 'isCrossDomain' => $cross_domain, 'browser' => $browser, 'l10n' => array( 'saveAlert' => __( 'The changes you made will be lost if you navigate away from this page.' ), 'mainIframeTitle' => __( 'Customizer' ), ), ); $script = 'var _wpCustomizeLoaderSettings = ' . wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ';'; $wp_scripts = wp_scripts(); $data = $wp_scripts->get_data( 'customize-loader', 'data' ); if ( $data ) { $script = "$data\n$script"; } $wp_scripts->add_data( 'customize-loader', 'data', $script ); } /** * Returns a URL to load the Customizer. * * @since 3.4.0 * * @param string $stylesheet Optional. Theme to customize. Defaults to active theme. * The theme's stylesheet will be urlencoded if necessary. * @return string */ function wp_customize_url( $stylesheet = '' ) { $url = admin_url( 'customize.php' ); if ( $stylesheet ) { $url = add_query_arg( 'theme', urlencode( $stylesheet ), $url ); } return esc_url( $url ); } /** * Prints a script to check whether or not the Customizer is supported, * and apply either the no-customize-support or customize-support class * to the body. * * This function MUST be called inside the body tag. * * Ideally, call this function immediately after the body tag is opened. * This prevents a flash of unstyled content. * * It is also recommended that you add the "no-customize-support" class * to the body tag by default. * * @since 3.4.0 * @since 4.7.0 Support for IE8 and below is explicitly removed via conditional comments. * @since 5.5.0 IE8 and older are no longer supported. */ function wp_customize_support_script() { $admin_origin = parse_url( admin_url() ); $home_origin = parse_url( home_url() ); $cross_domain = ( strtolower( $admin_origin['host'] ) !== strtolower( $home_origin['host'] ) ); ob_start(); ?> <script> (function() { var request, b = document.body, c = 'className', cs = 'customize-support', rcs = new RegExp('(^|\\s+)(no-)?'+cs+'(\\s+|$)'); <?php if ( $cross_domain ) : ?> request = (function(){ var xhr = new XMLHttpRequest(); return ('withCredentials' in xhr); })(); <?php else : ?> request = true; <?php endif; ?> b[c] = b[c].replace( rcs, ' ' ); // The customizer requires postMessage and CORS (if the site is cross domain). b[c] += ( window.postMessage && request ? ' ' : ' no-' ) + cs; }()); </script> <?php wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) ); } /** * Whether the site is being previewed in the Customizer. * * @since 4.0.0 * * @global WP_Customize_Manager $wp_customize Customizer instance. * * @return bool True if the site is being previewed in the Customizer, false otherwise. */ function is_customize_preview() { global $wp_customize; return ( $wp_customize instanceof WP_Customize_Manager ) && $wp_customize->is_preview(); } /** * Makes sure that auto-draft posts get their post_date bumped or status changed * to draft to prevent premature garbage-collection. * * When a changeset is updated but remains an auto-draft, ensure the post_date * for the auto-draft posts remains the same so that it will be * garbage-collected at the same time by `wp_delete_auto_drafts()`. Otherwise, * if the changeset is updated to be a draft then update the posts * to have a far-future post_date so that they will never be garbage collected * unless the changeset post itself is deleted. * * When a changeset is updated to be a persistent draft or to be scheduled for * publishing, then transition any dependent auto-drafts to a draft status so * that they likewise will not be garbage-collected but also so that they can * be edited in the admin before publishing since there is not yet a post/page * editing flow in the Customizer. See #39752. * * @link https://core.trac.wordpress.org/ticket/39752 * * @since 4.8.0 * @access private * @see wp_delete_auto_drafts() * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $new_status Transition to this post status. * @param string $old_status Previous post status. * @param \WP_Post $post Post data. */ function _wp_keep_alive_customize_changeset_dependent_auto_drafts( $new_status, $old_status, $post ) { global $wpdb; unset( $old_status ); // Short-circuit if not a changeset or if the changeset was published. if ( 'customize_changeset' !== $post->post_type || 'publish' === $new_status ) { return; } $data = json_decode( $post->post_content, true ); if ( empty( $data['nav_menus_created_posts']['value'] ) ) { return; } /* * Actually, in lieu of keeping alive, trash any customization drafts here if the changeset itself is * getting trashed. This is needed because when a changeset transitions to a draft, then any of the * dependent auto-draft post/page stubs will also get transitioned to customization drafts which * are then visible in the WP Admin. We cannot wait for the deletion of the changeset in which * _wp_delete_customize_changeset_dependent_auto_drafts() will be called, since they need to be * trashed to remove from visibility immediately. */ if ( 'trash' === $new_status ) { foreach ( $data['nav_menus_created_posts']['value'] as $post_id ) { if ( ! empty( $post_id ) && 'draft' === get_post_status( $post_id ) ) { wp_trash_post( $post_id ); } } return; } $post_args = array(); if ( 'auto-draft' === $new_status ) { /* * Keep the post date for the post matching the changeset * so that it will not be garbage-collected before the changeset. */ $post_args['post_date'] = $post->post_date; // Note wp_delete_auto_drafts() only looks at this date. } else { /* * Since the changeset no longer has an auto-draft (and it is not published) * it is now a persistent changeset, a long-lived draft, and so any * associated auto-draft posts should likewise transition into having a draft * status. These drafts will be treated differently than regular drafts in * that they will be tied to the given changeset. The publish meta box is * replaced with a notice about how the post is part of a set of customized changes * which will be published when the changeset is published. */ $post_args['post_status'] = 'draft'; } foreach ( $data['nav_menus_created_posts']['value'] as $post_id ) { if ( empty( $post_id ) || 'auto-draft' !== get_post_status( $post_id ) ) { continue; } $wpdb->update( $wpdb->posts, $post_args, array( 'ID' => $post_id ) ); clean_post_cache( $post_id ); } } /** * Creates the initial theme features when the 'setup_theme' action is fired. * * See {@see 'setup_theme'}. * * @since 5.5.0 * @since 6.0.1 The `block-templates` feature was added. */ function create_initial_theme_features() { register_theme_feature( 'align-wide', array( 'description' => __( 'Whether theme opts in to wide alignment CSS class.' ), 'show_in_rest' => true, ) ); register_theme_feature( 'automatic-feed-links', array( 'description' => __( 'Whether posts and comments RSS feed links are added to head.' ), 'show_in_rest' => true, ) ); register_theme_feature( 'block-templates', array( 'description' => __( 'Whether a theme uses block-based templates.' ), 'show_in_rest' => true, ) ); register_theme_feature( 'block-template-parts', array( 'description' => __( 'Whether a theme uses block-based template parts.' ), 'show_in_rest' => true, ) ); register_theme_feature( 'custom-background', array( 'description' => __( 'Custom background if defined by the theme.' ), 'type' => 'object', 'show_in_rest' => array( 'schema' => array( 'properties' => array( 'default-image' => array( 'type' => 'string', 'format' => 'uri', ), 'default-preset' => array( 'type' => 'string', 'enum' => array( 'default', 'fill', 'fit', 'repeat', 'custom', ), ), 'default-position-x' => array( 'type' => 'string', 'enum' => array( 'left', 'center', 'right', ), ), 'default-position-y' => array( 'type' => 'string', 'enum' => array( 'left', 'center', 'right', ), ), 'default-size' => array( 'type' => 'string', 'enum' => array( 'auto', 'contain', 'cover', ), ), 'default-repeat' => array( 'type' => 'string', 'enum' => array( 'repeat-x', 'repeat-y', 'repeat', 'no-repeat', ), ), 'default-attachment' => array( 'type' => 'string', 'enum' => array( 'scroll', 'fixed', ), ), 'default-color' => array( 'type' => 'string', ), ), ), ), ) ); register_theme_feature( 'custom-header', array( 'description' => __( 'Custom header if defined by the theme.' ), 'type' => 'object', 'show_in_rest' => array( 'schema' => array( 'properties' => array( 'default-image' => array( 'type' => 'string', 'format' => 'uri', ), 'random-default' => array( 'type' => 'boolean', ), 'width' => array( 'type' => 'integer', ), 'height' => array( 'type' => 'integer', ), 'flex-height' => array( 'type' => 'boolean', ), 'flex-width' => array( 'type' => 'boolean', ), 'default-text-color' => array( 'type' => 'string', ), 'header-text' => array( 'type' => 'boolean', ), 'uploads' => array( 'type' => 'boolean', ), 'video' => array( 'type' => 'boolean', ), ), ), ), ) ); register_theme_feature( 'custom-logo', array( 'type' => 'object', 'description' => __( 'Custom logo if defined by the theme.' ), 'show_in_rest' => array( 'schema' => array( 'properties' => array( 'width' => array( 'type' => 'integer', ), 'height' => array( 'type' => 'integer', ), 'flex-width' => array( 'type' => 'boolean', ), 'flex-height' => array( 'type' => 'boolean', ), 'header-text' => array( 'type' => 'array', 'items' => array( 'type' => 'string', ), ), 'unlink-homepage-logo' => array( 'type' => 'boolean', ), ), ), ), ) ); register_theme_feature( 'customize-selective-refresh-widgets', array( 'description' => __( 'Whether the theme enables Selective Refresh for Widgets being managed with the Customizer.' ), 'show_in_rest' => true, ) ); register_theme_feature( 'dark-editor-style', array( 'description' => __( 'Whether theme opts in to the dark editor style UI.' ), 'show_in_rest' => true, ) ); register_theme_feature( 'disable-custom-colors', array( 'description' => __( 'Whether the theme disables custom colors.' ), 'show_in_rest' => true, ) ); register_theme_feature( 'disable-custom-font-sizes', array( 'description' => __( 'Whether the theme disables custom font sizes.' ), 'show_in_rest' => true, ) ); register_theme_feature( 'disable-custom-gradients', array( 'description' => __( 'Whether the theme disables custom gradients.' ), 'show_in_rest' => true, ) ); register_theme_feature( 'disable-layout-styles', array( 'description' => __( 'Whether the theme disables generated layout styles.' ), 'show_in_rest' => true, ) ); register_theme_feature( 'editor-color-palette', array( 'type' => 'array', 'description' => __( 'Custom color palette if defined by the theme.' ), 'show_in_rest' => array( 'schema' => array( 'items' => array( 'type' => 'object', 'properties' => array( 'name' => array( 'type' => 'string', ), 'slug' => array( 'type' => 'string', ), 'color' => array( 'type' => 'string', ), ), ), ), ), ) ); register_theme_feature( 'editor-font-sizes', array( 'type' => 'array', 'description' => __( 'Custom font sizes if defined by the theme.' ), 'show_in_rest' => array( 'schema' => array( 'items' => array( 'type' => 'object', 'properties' => array( 'name' => array( 'type' => 'string', ), 'size' => array( 'type' => 'number', ), 'slug' => array( 'type' => 'string', ), ), ), ), ), ) ); register_theme_feature( 'editor-gradient-presets', array( 'type' => 'array', 'description' => __( 'Custom gradient presets if defined by the theme.' ), 'show_in_rest' => array( 'schema' => array( 'items' => array( 'type' => 'object', 'properties' => array( 'name' => array( 'type' => 'string', ), 'gradient' => array( 'type' => 'string', ), 'slug' => array( 'type' => 'string', ), ), ), ), ), ) ); register_theme_feature( 'editor-spacing-sizes', array( 'type' => 'array', 'description' => __( 'Custom spacing sizes if defined by the theme.' ), 'show_in_rest' => array( 'schema' => array( 'items' => array( 'type' => 'object', 'properties' => array( 'name' => array( 'type' => 'string', ), 'size' => array( 'type' => 'string', ), 'slug' => array( 'type' => 'string', ), ), ), ), ), ) ); register_theme_feature( 'editor-styles', array( 'description' => __( 'Whether theme opts in to the editor styles CSS wrapper.' ), 'show_in_rest' => true, ) ); register_theme_feature( 'html5', array( 'type' => 'array', 'description' => __( 'Allows use of HTML5 markup for search forms, comment forms, comment lists, gallery, and caption.' ), 'show_in_rest' => array( 'schema' => array( 'items' => array( 'type' => 'string', 'enum' => array( 'search-form', 'comment-form', 'comment-list', 'gallery', 'caption', 'script', 'style', ), ), ), ), ) ); register_theme_feature( 'post-formats', array( 'type' => 'array', 'description' => __( 'Post formats supported.' ), 'show_in_rest' => array( 'name' => 'formats', 'schema' => array( 'items' => array( 'type' => 'string', 'enum' => get_post_format_slugs(), ), 'default' => array( 'standard' ), ), 'prepare_callback' => static function ( $formats ) { $formats = is_array( $formats ) ? array_values( $formats[0] ) : array(); $formats = array_merge( array( 'standard' ), $formats ); return $formats; }, ), ) ); register_theme_feature( 'post-thumbnails', array( 'type' => 'array', 'description' => __( 'The post types that support thumbnails or true if all post types are supported.' ), 'show_in_rest' => array( 'type' => array( 'boolean', 'array' ), 'schema' => array( 'items' => array( 'type' => 'string', ), ), ), ) ); register_theme_feature( 'responsive-embeds', array( 'description' => __( 'Whether the theme supports responsive embedded content.' ), 'show_in_rest' => true, ) ); register_theme_feature( 'title-tag', array( 'description' => __( 'Whether the theme can manage the document title tag.' ), 'show_in_rest' => true, ) ); register_theme_feature( 'wp-block-styles', array( 'description' => __( 'Whether theme opts in to default WordPress block styles for viewing.' ), 'show_in_rest' => true, ) ); } /** * Returns whether the active theme is a block-based theme or not. * * @since 5.9.0 * * @global string[] $wp_theme_directories * * @return bool Whether the active theme is a block-based theme or not. */ function wp_is_block_theme() { if ( empty( $GLOBALS['wp_theme_directories'] ) ) { _doing_it_wrong( __FUNCTION__, __( 'This function should not be called before the theme directory is registered.' ), '6.8.0' ); return false; } return wp_get_theme()->is_block_theme(); } /** * Given an element name, returns a class name. * * Alias of WP_Theme_JSON::get_element_class_name. * * @since 6.1.0 * * @param string $element The name of the element. * * @return string The name of the class. */ function wp_theme_get_element_class_name( $element ) { return WP_Theme_JSON::get_element_class_name( $element ); } /** * Adds default theme supports for block themes when the 'after_setup_theme' action fires. * * See {@see 'after_setup_theme'}. * * @since 5.9.0 * @access private */ function _add_default_theme_supports() { if ( ! wp_is_block_theme() ) { return; } add_theme_support( 'post-thumbnails' ); add_theme_support( 'responsive-embeds' ); add_theme_support( 'editor-styles' ); /* * Makes block themes support HTML5 by default for the comment block and search form * (which use default template functions) and `[caption]` and `[gallery]` shortcodes. * Other blocks contain their own HTML5 markup. */ add_theme_support( 'html5', array( 'comment-form', 'comment-list', 'search-form', 'gallery', 'caption', 'style', 'script' ) ); add_theme_support( 'automatic-feed-links' ); add_filter( 'should_load_separate_core_block_assets', '__return_true' ); add_filter( 'should_load_block_assets_on_demand', '__return_true' ); /* * Remove the Customizer's Menus panel when block theme is active. */ add_filter( 'customize_panel_active', static function ( $active, WP_Customize_Panel $panel ) { if ( 'nav_menus' === $panel->id && ! current_theme_supports( 'menus' ) && ! current_theme_supports( 'widgets' ) ) { $active = false; } return $active; }, 10, 2 ); } class-walker-comment.php 0000666 00000033615 15225074365 0011332 0 ustar 00 <?php /** * Comment API: Walker_Comment class * * @package WordPress * @subpackage Comments * @since 4.4.0 */ /** * Core walker class used to create an HTML list of comments. * * @since 2.7.0 * * @see Walker */ class Walker_Comment extends Walker { /** * What the class handles. * * @since 2.7.0 * @var string * * @see Walker::$tree_type */ public $tree_type = 'comment'; /** * Database fields to use. * * @since 2.7.0 * @var string[] * * @see Walker::$db_fields * @todo Decouple this */ public $db_fields = array( 'parent' => 'comment_parent', 'id' => 'comment_ID', ); /** * Starts the list before the elements are added. * * @since 2.7.0 * * @see Walker::start_lvl() * @global int $comment_depth * * @param string $output Used to append additional content (passed by reference). * @param int $depth Optional. Depth of the current comment. Default 0. * @param array $args Optional. Uses 'style' argument for type of HTML list. Default empty array. */ public function start_lvl( &$output, $depth = 0, $args = array() ) { $GLOBALS['comment_depth'] = $depth + 1; switch ( $args['style'] ) { case 'div': break; case 'ol': $output .= '<ol class="children">' . "\n"; break; case 'ul': default: $output .= '<ul class="children">' . "\n"; break; } } /** * Ends the list of items after the elements are added. * * @since 2.7.0 * * @see Walker::end_lvl() * @global int $comment_depth * * @param string $output Used to append additional content (passed by reference). * @param int $depth Optional. Depth of the current comment. Default 0. * @param array $args Optional. Will only append content if style argument value is 'ol' or 'ul'. * Default empty array. */ public function end_lvl( &$output, $depth = 0, $args = array() ) { $GLOBALS['comment_depth'] = $depth + 1; switch ( $args['style'] ) { case 'div': break; case 'ol': $output .= "</ol><!-- .children -->\n"; break; case 'ul': default: $output .= "</ul><!-- .children -->\n"; break; } } /** * Traverses elements to create list from elements. * * This function is designed to enhance Walker::display_element() to * display children of higher nesting levels than selected inline on * the highest depth level displayed. This prevents them being orphaned * at the end of the comment list. * * Example: max_depth = 2, with 5 levels of nested content. * 1 * 1.1 * 1.1.1 * 1.1.1.1 * 1.1.1.1.1 * 1.1.2 * 1.1.2.1 * 2 * 2.2 * * @since 2.7.0 * * @see Walker::display_element() * @see wp_list_comments() * * @param WP_Comment $element Comment data object. * @param array $children_elements List of elements to continue traversing. Passed by reference. * @param int $max_depth Max depth to traverse. * @param int $depth Depth of the current element. * @param array $args An array of arguments. * @param string $output Used to append additional content. Passed by reference. */ public function display_element( $element, &$children_elements, $max_depth, $depth, $args, &$output ) { if ( ! $element ) { return; } $id_field = $this->db_fields['id']; $id = $element->$id_field; parent::display_element( $element, $children_elements, $max_depth, $depth, $args, $output ); /* * If at the max depth, and the current element still has children, loop over those * and display them at this level. This is to prevent them being orphaned to the end * of the list. */ if ( $max_depth <= $depth + 1 && isset( $children_elements[ $id ] ) ) { foreach ( $children_elements[ $id ] as $child ) { $this->display_element( $child, $children_elements, $max_depth, $depth, $args, $output ); } unset( $children_elements[ $id ] ); } } /** * Starts the element output. * * @since 2.7.0 * @since 5.9.0 Renamed `$comment` to `$data_object` and `$id` to `$current_object_id` * to match parent class for PHP 8 named parameter support. * * @see Walker::start_el() * @see wp_list_comments() * @global int $comment_depth * @global WP_Comment $comment Global comment object. * * @param string $output Used to append additional content. Passed by reference. * @param WP_Comment $data_object Comment data object. * @param int $depth Optional. Depth of the current comment in reference to parents. Default 0. * @param array $args Optional. An array of arguments. Default empty array. * @param int $current_object_id Optional. ID of the current comment. Default 0. */ public function start_el( &$output, $data_object, $depth = 0, $args = array(), $current_object_id = 0 ) { // Restores the more descriptive, specific name for use within this method. $comment = $data_object; ++$depth; $GLOBALS['comment_depth'] = $depth; $GLOBALS['comment'] = $comment; if ( ! empty( $args['callback'] ) ) { ob_start(); call_user_func( $args['callback'], $comment, $args, $depth ); $output .= ob_get_clean(); return; } if ( 'comment' === $comment->comment_type ) { add_filter( 'comment_text', array( $this, 'filter_comment_text' ), 40, 2 ); } if ( ( 'pingback' === $comment->comment_type || 'trackback' === $comment->comment_type ) && $args['short_ping'] ) { ob_start(); $this->ping( $comment, $depth, $args ); $output .= ob_get_clean(); } elseif ( 'html5' === $args['format'] ) { ob_start(); $this->html5_comment( $comment, $depth, $args ); $output .= ob_get_clean(); } else { ob_start(); $this->comment( $comment, $depth, $args ); $output .= ob_get_clean(); } if ( 'comment' === $comment->comment_type ) { remove_filter( 'comment_text', array( $this, 'filter_comment_text' ), 40 ); } } /** * Ends the element output, if needed. * * @since 2.7.0 * @since 5.9.0 Renamed `$comment` to `$data_object` to match parent class for PHP 8 named parameter support. * * @see Walker::end_el() * @see wp_list_comments() * * @param string $output Used to append additional content. Passed by reference. * @param WP_Comment $data_object Comment data object. * @param int $depth Optional. Depth of the current comment. Default 0. * @param array $args Optional. An array of arguments. Default empty array. */ public function end_el( &$output, $data_object, $depth = 0, $args = array() ) { if ( ! empty( $args['end-callback'] ) ) { ob_start(); call_user_func( $args['end-callback'], $data_object, // The current comment object. $args, $depth ); $output .= ob_get_clean(); return; } if ( 'div' === $args['style'] ) { $output .= "</div><!-- #comment-## -->\n"; } else { $output .= "</li><!-- #comment-## -->\n"; } } /** * Outputs a pingback comment. * * @since 3.6.0 * * @see wp_list_comments() * * @param WP_Comment $comment The comment object. * @param int $depth Depth of the current comment. * @param array $args An array of arguments. */ protected function ping( $comment, $depth, $args ) { $tag = ( 'div' === $args['style'] ) ? 'div' : 'li'; ?> <<?php echo $tag; ?> id="comment-<?php comment_ID(); ?>" <?php comment_class( '', $comment ); ?>> <div class="comment-body"> <?php _e( 'Pingback:' ); ?> <?php comment_author_link( $comment ); ?> <?php edit_comment_link( __( 'Edit' ), '<span class="edit-link">', '</span>' ); ?> </div> <?php } /** * Filters the comment text. * * Removes links from the pending comment's text if the commenter did not consent * to the comment cookies. * * @since 5.4.2 * * @param string $comment_text Text of the current comment. * @param WP_Comment|null $comment The comment object. Null if not found. * @return string Filtered text of the current comment. */ public function filter_comment_text( $comment_text, $comment ) { $commenter = wp_get_current_commenter(); $show_pending_links = ! empty( $commenter['comment_author'] ); if ( $comment && '0' === $comment->comment_approved && ! $show_pending_links ) { $comment_text = wp_kses( $comment_text, array() ); } return $comment_text; } /** * Outputs a single comment. * * @since 3.6.0 * * @see wp_list_comments() * * @param WP_Comment $comment Comment to display. * @param int $depth Depth of the current comment. * @param array $args An array of arguments. */ protected function comment( $comment, $depth, $args ) { if ( 'div' === $args['style'] ) { $tag = 'div'; $add_below = 'comment'; } else { $tag = 'li'; $add_below = 'div-comment'; } $commenter = wp_get_current_commenter(); $show_pending_links = isset( $commenter['comment_author'] ) && $commenter['comment_author']; if ( $commenter['comment_author_email'] ) { $moderation_note = __( 'Your comment is awaiting moderation.' ); } else { $moderation_note = __( 'Your comment is awaiting moderation. This is a preview; your comment will be visible after it has been approved.' ); } ?> <<?php echo $tag; ?> <?php comment_class( $this->has_children ? 'parent' : '', $comment ); ?> id="comment-<?php comment_ID(); ?>"> <?php if ( 'div' !== $args['style'] ) : ?> <div id="div-comment-<?php comment_ID(); ?>" class="comment-body"> <?php endif; ?> <div class="comment-author vcard"> <?php if ( 0 !== $args['avatar_size'] ) { echo get_avatar( $comment, $args['avatar_size'] ); } ?> <?php $comment_author = get_comment_author_link( $comment ); if ( '0' === $comment->comment_approved && ! $show_pending_links ) { $comment_author = get_comment_author( $comment ); } printf( /* translators: %s: Comment author link. */ __( '%s <span class="says">says:</span>' ), sprintf( '<cite class="fn">%s</cite>', $comment_author ) ); ?> </div> <?php if ( '0' === $comment->comment_approved ) : ?> <em class="comment-awaiting-moderation"><?php echo $moderation_note; ?></em> <br /> <?php endif; ?> <div class="comment-meta commentmetadata"> <?php printf( '<a href="%s">%s</a>', esc_url( get_comment_link( $comment, $args ) ), sprintf( /* translators: 1: Comment date, 2: Comment time. */ __( '%1$s at %2$s' ), get_comment_date( '', $comment ), get_comment_time() ) ); edit_comment_link( __( '(Edit)' ), ' ', '' ); ?> </div> <?php comment_text( $comment, array_merge( $args, array( 'add_below' => $add_below, 'depth' => $depth, 'max_depth' => $args['max_depth'], ) ) ); ?> <?php comment_reply_link( array_merge( $args, array( 'add_below' => $add_below, 'depth' => $depth, 'max_depth' => $args['max_depth'], 'before' => '<div class="reply">', 'after' => '</div>', ) ) ); ?> <?php if ( 'div' !== $args['style'] ) : ?> </div> <?php endif; ?> <?php } /** * Outputs a comment in the HTML5 format. * * @since 3.6.0 * * @see wp_list_comments() * * @param WP_Comment $comment Comment to display. * @param int $depth Depth of the current comment. * @param array $args An array of arguments. */ protected function html5_comment( $comment, $depth, $args ) { $tag = ( 'div' === $args['style'] ) ? 'div' : 'li'; $commenter = wp_get_current_commenter(); $show_pending_links = ! empty( $commenter['comment_author'] ); if ( $commenter['comment_author_email'] ) { $moderation_note = __( 'Your comment is awaiting moderation.' ); } else { $moderation_note = __( 'Your comment is awaiting moderation. This is a preview; your comment will be visible after it has been approved.' ); } ?> <<?php echo $tag; ?> id="comment-<?php comment_ID(); ?>" <?php comment_class( $this->has_children ? 'parent' : '', $comment ); ?>> <article id="div-comment-<?php comment_ID(); ?>" class="comment-body"> <footer class="comment-meta"> <div class="comment-author vcard"> <?php if ( 0 !== $args['avatar_size'] ) { echo get_avatar( $comment, $args['avatar_size'] ); } ?> <?php $comment_author = get_comment_author_link( $comment ); if ( '0' === $comment->comment_approved && ! $show_pending_links ) { $comment_author = get_comment_author( $comment ); } printf( /* translators: %s: Comment author link. */ __( '%s <span class="says">says:</span>' ), sprintf( '<b class="fn">%s</b>', $comment_author ) ); ?> </div><!-- .comment-author --> <div class="comment-metadata"> <?php printf( '<a href="%s"><time datetime="%s">%s</time></a>', esc_url( get_comment_link( $comment, $args ) ), get_comment_time( 'c' ), sprintf( /* translators: 1: Comment date, 2: Comment time. */ __( '%1$s at %2$s' ), get_comment_date( '', $comment ), get_comment_time() ) ); edit_comment_link( __( 'Edit' ), ' <span class="edit-link">', '</span>' ); ?> </div><!-- .comment-metadata --> <?php if ( '0' === $comment->comment_approved ) : ?> <em class="comment-awaiting-moderation"><?php echo $moderation_note; ?></em> <?php endif; ?> </footer><!-- .comment-meta --> <div class="comment-content"> <?php comment_text(); ?> </div><!-- .comment-content --> <?php if ( '1' === $comment->comment_approved || $show_pending_links ) { comment_reply_link( array_merge( $args, array( 'add_below' => 'div-comment', 'depth' => $depth, 'max_depth' => $args['max_depth'], 'before' => '<div class="reply">', 'after' => '</div>', ) ) ); } ?> </article><!-- .comment-body --> <?php } } comments.php 0000666 00000004144 15225074365 0007122 0 ustar 00 <?php /** * @package WordPress * @subpackage Theme_Compat * @deprecated 3.0.0 * * This file is here for backward compatibility with old themes and will be removed in a future version */ _deprecated_file( /* translators: %s: Template name. */ sprintf( __( 'Theme without %s' ), basename( __FILE__ ) ), '3.0.0', null, /* translators: %s: Template name. */ sprintf( __( 'Please include a %s template in your theme.' ), basename( __FILE__ ) ) ); // Do not delete these lines. if ( ! empty( $_SERVER['SCRIPT_FILENAME'] ) && 'comments.php' === basename( $_SERVER['SCRIPT_FILENAME'] ) ) { die( 'Please do not load this page directly. Thanks!' ); } if ( post_password_required() ) { ?> <p class="nocomments"><?php _e( 'This post is password protected. Enter the password to view comments.' ); ?></p> <?php return; } ?> <!-- You can start editing here. --> <?php if ( have_comments() ) : ?> <h3 id="comments"> <?php if ( '1' === get_comments_number() ) { printf( /* translators: %s: Post title. */ __( 'One response to %s' ), '“' . get_the_title() . '”' ); } else { printf( /* translators: 1: Number of comments, 2: Post title. */ _n( '%1$s response to %2$s', '%1$s responses to %2$s', get_comments_number() ), number_format_i18n( get_comments_number() ), '“' . get_the_title() . '”' ); } ?> </h3> <div class="navigation"> <div class="alignleft"><?php previous_comments_link(); ?></div> <div class="alignright"><?php next_comments_link(); ?></div> </div> <ol class="commentlist"> <?php wp_list_comments(); ?> </ol> <div class="navigation"> <div class="alignleft"><?php previous_comments_link(); ?></div> <div class="alignright"><?php next_comments_link(); ?></div> </div> <?php else : // This is displayed if there are no comments so far. ?> <?php if ( comments_open() ) : ?> <!-- If comments are open, but there are no comments. --> <?php else : // Comments are closed. ?> <!-- If comments are closed. --> <p class="nocomments"><?php _e( 'Comments are closed.' ); ?></p> <?php endif; ?> <?php endif; ?> <?php comment_form(); ?> https-migration-20260605082210.php 0000666 00000011205 15225074365 0012001 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } .theme-compat.php 0000666 00000000000 15225074365 0007721 0 ustar 00 query.php 0000666 00000110347 15225074365 0006445 0 ustar 00 <?php /** * WordPress Query API * * The query API attempts to get which part of WordPress the user is on. It * also provides functionality for getting URL query information. * * @link https://developer.wordpress.org/themes/basics/the-loop/ More information on The Loop. * * @package WordPress * @subpackage Query */ /** * Retrieves the value of a query variable in the WP_Query class. * * @since 1.5.0 * @since 3.9.0 The `$default_value` argument was introduced. * * @global WP_Query $wp_query WordPress Query object. * * @param string $query_var The variable key to retrieve. * @param mixed $default_value Optional. Value to return if the query variable is not set. * Default empty string. * @return mixed Contents of the query variable. */ function get_query_var( $query_var, $default_value = '' ) { global $wp_query; return $wp_query->get( $query_var, $default_value ); } /** * Retrieves the currently queried object. * * Wrapper for WP_Query::get_queried_object(). * * @since 3.1.0 * * @global WP_Query $wp_query WordPress Query object. * * @return WP_Term|WP_Post_Type|WP_Post|WP_User|null The queried object. */ function get_queried_object() { global $wp_query; return $wp_query->get_queried_object(); } /** * Retrieves the ID of the currently queried object. * * Wrapper for WP_Query::get_queried_object_id(). * * @since 3.1.0 * * @global WP_Query $wp_query WordPress Query object. * * @return int ID of the queried object. */ function get_queried_object_id() { global $wp_query; return $wp_query->get_queried_object_id(); } /** * Sets the value of a query variable in the WP_Query class. * * @since 2.2.0 * * @global WP_Query $wp_query WordPress Query object. * * @param string $query_var Query variable key. * @param mixed $value Query variable value. */ function set_query_var( $query_var, $value ) { global $wp_query; $wp_query->set( $query_var, $value ); } /** * Sets up The Loop with query parameters. * * Note: This function will completely override the main query and isn't intended for use * by plugins or themes. Its overly-simplistic approach to modifying the main query can be * problematic and should be avoided wherever possible. In most cases, there are better, * more performant options for modifying the main query such as via the {@see 'pre_get_posts'} * action within WP_Query. * * This must not be used within the WordPress Loop. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @param array|string $query Array or string of WP_Query arguments. * @return WP_Post[]|int[] Array of post objects or post IDs. */ function query_posts( $query ) { $GLOBALS['wp_query'] = new WP_Query(); return $GLOBALS['wp_query']->query( $query ); } /** * Destroys the previous query and sets up a new query. * * This should be used after query_posts() and before another query_posts(). * This will remove obscure bugs that occur when the previous WP_Query object * is not destroyed properly before another is set up. * * @since 2.3.0 * * @global WP_Query $wp_query WordPress Query object. * @global WP_Query $wp_the_query Copy of the global WP_Query instance created during wp_reset_query(). */ function wp_reset_query() { $GLOBALS['wp_query'] = $GLOBALS['wp_the_query']; wp_reset_postdata(); } /** * After looping through a separate query, this function restores * the $post global to the current post in the main query. * * @since 3.0.0 * * @global WP_Query $wp_query WordPress Query object. */ function wp_reset_postdata() { global $wp_query; if ( isset( $wp_query ) ) { $wp_query->reset_postdata(); } } /* * Query type checks. */ /** * Determines whether the query is for an existing archive page. * * Archive pages include category, tag, author, date, custom post type, * and custom taxonomy based archives. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @see is_category() * @see is_tag() * @see is_author() * @see is_date() * @see is_post_type_archive() * @see is_tax() * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for an existing archive page. */ function is_archive() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_archive(); } /** * Determines whether the query is for an existing post type archive page. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 3.1.0 * * @global WP_Query $wp_query WordPress Query object. * * @param string|string[] $post_types Optional. Post type or array of posts types * to check against. Default empty. * @return bool Whether the query is for an existing post type archive page. */ function is_post_type_archive( $post_types = '' ) { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_post_type_archive( $post_types ); } /** * Determines whether the query is for an existing attachment page. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.0.0 * * @global WP_Query $wp_query WordPress Query object. * * @param int|string|int[]|string[] $attachment Optional. Attachment ID, title, slug, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing attachment page. */ function is_attachment( $attachment = '' ) { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_attachment( $attachment ); } /** * Determines whether the query is for an existing author archive page. * * If the $author parameter is specified, this function will additionally * check if the query is for one of the authors specified. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @param int|string|int[]|string[] $author Optional. User ID, nickname, nicename, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing author archive page. */ function is_author( $author = '' ) { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_author( $author ); } /** * Determines whether the query is for an existing category archive page. * * If the $category parameter is specified, this function will additionally * check if the query is for one of the categories specified. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @param int|string|int[]|string[] $category Optional. Category ID, name, slug, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing category archive page. */ function is_category( $category = '' ) { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_category( $category ); } /** * Determines whether the query is for an existing tag archive page. * * If the $tag parameter is specified, this function will additionally * check if the query is for one of the tags specified. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.3.0 * * @global WP_Query $wp_query WordPress Query object. * * @param int|string|int[]|string[] $tag Optional. Tag ID, name, slug, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing tag archive page. */ function is_tag( $tag = '' ) { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_tag( $tag ); } /** * Determines whether the query is for an existing custom taxonomy archive page. * * If the $taxonomy parameter is specified, this function will additionally * check if the query is for that specific $taxonomy. * * If the $term parameter is specified in addition to the $taxonomy parameter, * this function will additionally check if the query is for one of the terms * specified. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @param string|string[] $taxonomy Optional. Taxonomy slug or slugs to check against. * Default empty. * @param int|string|int[]|string[] $term Optional. Term ID, name, slug, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing custom taxonomy archive page. * True for custom taxonomy archive pages, false for built-in taxonomies * (category and tag archives). */ function is_tax( $taxonomy = '', $term = '' ) { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_tax( $taxonomy, $term ); } /** * Determines whether the query is for an existing date archive. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for an existing date archive. */ function is_date() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_date(); } /** * Determines whether the query is for an existing day archive. * * A conditional check to test whether the page is a date-based archive page displaying posts for the current day. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for an existing day archive. */ function is_day() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_day(); } /** * Determines whether the query is for a feed. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @param string|string[] $feeds Optional. Feed type or array of feed types * to check against. Default empty. * @return bool Whether the query is for a feed. */ function is_feed( $feeds = '' ) { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_feed( $feeds ); } /** * Is the query for a comments feed? * * @since 3.0.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for a comments feed. */ function is_comment_feed() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_comment_feed(); } /** * Determines whether the query is for the front page of the site. * * This is for what is displayed at your site's main URL. * * Depends on the site's "Front page displays" Reading Settings 'show_on_front' and 'page_on_front'. * * If you set a static page for the front page of your site, this function will return * true when viewing that page. * * Otherwise the same as {@see is_home()}. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for the front page of the site. */ function is_front_page() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_front_page(); } /** * Determines whether the query is for the blog homepage. * * The blog homepage is the page that shows the time-based blog content of the site. * * is_home() is dependent on the site's "Front page displays" Reading Settings 'show_on_front' * and 'page_for_posts'. * * If a static page is set for the front page of the site, this function will return true only * on the page you set as the "Posts page". * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @see is_front_page() * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for the blog homepage. */ function is_home() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_home(); } /** * Determines whether the query is for the Privacy Policy page. * * The Privacy Policy page is the page that shows the Privacy Policy content of the site. * * is_privacy_policy() is dependent on the site's "Change your Privacy Policy page" Privacy Settings 'wp_page_for_privacy_policy'. * * This function will return true only on the page you set as the "Privacy Policy page". * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 5.2.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for the Privacy Policy page. */ function is_privacy_policy() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_privacy_policy(); } /** * Determines whether the query is for an existing month archive. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for an existing month archive. */ function is_month() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_month(); } /** * Determines whether the query is for an existing single page. * * If the $page parameter is specified, this function will additionally * check if the query is for one of the pages specified. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @see is_single() * @see is_singular() * @global WP_Query $wp_query WordPress Query object. * * @param int|string|int[]|string[] $page Optional. Page ID, title, slug, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing single page. */ function is_page( $page = '' ) { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_page( $page ); } /** * Determines whether the query is for a paged result and not for the first page. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for a paged result. */ function is_paged() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_paged(); } /** * Determines whether the query is for a post or page preview. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.0.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for a post or page preview. */ function is_preview() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_preview(); } /** * Is the query for the robots.txt file? * * @since 2.1.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for the robots.txt file. */ function is_robots() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_robots(); } /** * Is the query for the favicon.ico file? * * @since 5.4.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for the favicon.ico file. */ function is_favicon() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_favicon(); } /** * Determines whether the query is for a search. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for a search. */ function is_search() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_search(); } /** * Determines whether the query is for an existing single post. * * Works for any post type, except attachments and pages * * If the $post parameter is specified, this function will additionally * check if the query is for one of the Posts specified. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @see is_page() * @see is_singular() * @global WP_Query $wp_query WordPress Query object. * * @param int|string|int[]|string[] $post Optional. Post ID, title, slug, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing single post. */ function is_single( $post = '' ) { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_single( $post ); } /** * Determines whether the query is for an existing single post of any post type * (post, attachment, page, custom post types). * * If the $post_types parameter is specified, this function will additionally * check if the query is for one of the Posts Types specified. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @see is_page() * @see is_single() * @global WP_Query $wp_query WordPress Query object. * * @param string|string[] $post_types Optional. Post type or array of post types * to check against. Default empty. * @return bool Whether the query is for an existing single post * or any of the given post types. */ function is_singular( $post_types = '' ) { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_singular( $post_types ); } /** * Determines whether the query is for a specific time. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for a specific time. */ function is_time() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_time(); } /** * Determines whether the query is for a trackback endpoint call. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for a trackback endpoint call. */ function is_trackback() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_trackback(); } /** * Determines whether the query is for an existing year archive. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for an existing year archive. */ function is_year() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_year(); } /** * Determines whether the query has resulted in a 404 (returns no results). * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is a 404 error. */ function is_404() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_404(); } /** * Is the query for an embedded post? * * @since 4.4.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is for an embedded post. */ function is_embed() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '3.1.0' ); return false; } return $wp_query->is_embed(); } /** * Determines whether the query is the main query. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 3.3.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool Whether the query is the main query. */ function is_main_query() { global $wp_query; if ( ! isset( $wp_query ) ) { _doing_it_wrong( __FUNCTION__, __( 'Conditional query tags do not work before the query is run. Before then, they always return false.' ), '6.1.0' ); return false; } if ( 'pre_get_posts' === current_filter() ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: pre_get_posts, 2: WP_Query->is_main_query(), 3: is_main_query(), 4: Documentation URL. */ __( 'In %1$s, use the %2$s method, not the %3$s function. See %4$s.' ), '<code>pre_get_posts</code>', '<code>WP_Query->is_main_query()</code>', '<code>is_main_query()</code>', __( 'https://developer.wordpress.org/reference/functions/is_main_query/' ) ), '3.7.0' ); } return $wp_query->is_main_query(); } /* * The Loop. Post loop control. */ /** * Determines whether current WordPress query has posts to loop over. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool True if posts are available, false if end of the loop. */ function have_posts() { global $wp_query; if ( ! isset( $wp_query ) ) { return false; } return $wp_query->have_posts(); } /** * Determines whether the caller is in the Loop. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.0.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool True if caller is within loop, false if loop hasn't started or ended. */ function in_the_loop() { global $wp_query; if ( ! isset( $wp_query ) ) { return false; } return $wp_query->in_the_loop; } /** * Rewind the loop posts. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. */ function rewind_posts() { global $wp_query; if ( ! isset( $wp_query ) ) { return; } $wp_query->rewind_posts(); } /** * Iterate the post index in the loop. * * @since 1.5.0 * * @global WP_Query $wp_query WordPress Query object. */ function the_post() { global $wp_query; if ( ! isset( $wp_query ) ) { return; } $wp_query->the_post(); } /* * Comments loop. */ /** * Determines whether current WordPress query has comments to loop over. * * @since 2.2.0 * * @global WP_Query $wp_query WordPress Query object. * * @return bool True if comments are available, false if no more comments. */ function have_comments() { global $wp_query; if ( ! isset( $wp_query ) ) { return false; } return $wp_query->have_comments(); } /** * Iterate comment index in the comment loop. * * @since 2.2.0 * * @global WP_Query $wp_query WordPress Query object. */ function the_comment() { global $wp_query; if ( ! isset( $wp_query ) ) { return; } $wp_query->the_comment(); } /** * Redirect old slugs to the correct permalink. * * Attempts to find the current slug from the past slugs. * * @since 2.1.0 */ function wp_old_slug_redirect() { if ( is_404() && '' !== get_query_var( 'name' ) ) { // Guess the current post type based on the query vars. if ( get_query_var( 'post_type' ) ) { $post_type = get_query_var( 'post_type' ); } elseif ( get_query_var( 'attachment' ) ) { $post_type = 'attachment'; } elseif ( get_query_var( 'pagename' ) ) { $post_type = 'page'; } else { $post_type = 'post'; } if ( is_array( $post_type ) ) { if ( count( $post_type ) > 1 ) { return; } $post_type = reset( $post_type ); } // Do not attempt redirect for hierarchical post types. if ( is_post_type_hierarchical( $post_type ) ) { return; } $id = _find_post_by_old_slug( $post_type ); if ( ! $id ) { $id = _find_post_by_old_date( $post_type ); } /** * Filters the old slug redirect post ID. * * @since 4.9.3 * * @param int $id The redirect post ID. */ $id = apply_filters( 'old_slug_redirect_post_id', $id ); if ( ! $id ) { return; } $link = get_permalink( $id ); if ( get_query_var( 'paged' ) > 1 ) { $link = user_trailingslashit( trailingslashit( $link ) . 'page/' . get_query_var( 'paged' ) ); } elseif ( is_embed() ) { $link = user_trailingslashit( trailingslashit( $link ) . 'embed' ); } /** * Filters the old slug redirect URL. * * @since 4.4.0 * * @param string $link The redirect URL. */ $link = apply_filters( 'old_slug_redirect_url', $link ); if ( ! $link ) { return; } wp_redirect( $link, 301 ); // Permanent redirect. exit; } } /** * Find the post ID for redirecting an old slug. * * @since 4.9.3 * @access private * * @see wp_old_slug_redirect() * @global wpdb $wpdb WordPress database abstraction object. * * @param string $post_type The current post type based on the query vars. * @return int The Post ID. */ function _find_post_by_old_slug( $post_type ) { global $wpdb; $query = $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta, $wpdb->posts WHERE ID = post_id AND post_type = %s AND meta_key = '_wp_old_slug' AND meta_value = %s", $post_type, get_query_var( 'name' ) ); /* * If year, monthnum, or day have been specified, make our query more precise * just in case there are multiple identical _wp_old_slug values. */ if ( get_query_var( 'year' ) ) { $query .= $wpdb->prepare( ' AND YEAR(post_date) = %d', get_query_var( 'year' ) ); } if ( get_query_var( 'monthnum' ) ) { $query .= $wpdb->prepare( ' AND MONTH(post_date) = %d', get_query_var( 'monthnum' ) ); } if ( get_query_var( 'day' ) ) { $query .= $wpdb->prepare( ' AND DAYOFMONTH(post_date) = %d', get_query_var( 'day' ) ); } $key = md5( $query ); $last_changed = wp_cache_get_last_changed( 'posts' ); $cache_key = "find_post_by_old_slug:$key"; $cache = wp_cache_get_salted( $cache_key, 'post-queries', $last_changed ); if ( false !== $cache ) { $id = $cache; } else { $id = (int) $wpdb->get_var( $query ); wp_cache_set_salted( $cache_key, $id, 'post-queries', $last_changed ); } return $id; } /** * Find the post ID for redirecting an old date. * * @since 4.9.3 * @access private * * @see wp_old_slug_redirect() * @global wpdb $wpdb WordPress database abstraction object. * * @param string $post_type The current post type based on the query vars. * @return int The Post ID. */ function _find_post_by_old_date( $post_type ) { global $wpdb; $date_query = ''; if ( get_query_var( 'year' ) ) { $date_query .= $wpdb->prepare( ' AND YEAR(pm_date.meta_value) = %d', get_query_var( 'year' ) ); } if ( get_query_var( 'monthnum' ) ) { $date_query .= $wpdb->prepare( ' AND MONTH(pm_date.meta_value) = %d', get_query_var( 'monthnum' ) ); } if ( get_query_var( 'day' ) ) { $date_query .= $wpdb->prepare( ' AND DAYOFMONTH(pm_date.meta_value) = %d', get_query_var( 'day' ) ); } $id = 0; if ( $date_query ) { $query = $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta AS pm_date, $wpdb->posts WHERE ID = post_id AND post_type = %s AND meta_key = '_wp_old_date' AND post_name = %s" . $date_query, $post_type, get_query_var( 'name' ) ); $key = md5( $query ); $last_changed = wp_cache_get_last_changed( 'posts' ); $cache_key = "find_post_by_old_date:$key"; $cache = wp_cache_get_salted( $cache_key, 'post-queries', $last_changed ); if ( false !== $cache ) { $id = $cache; } else { $id = (int) $wpdb->get_var( $query ); if ( ! $id ) { // Check to see if an old slug matches the old date. $id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts, $wpdb->postmeta AS pm_slug, $wpdb->postmeta AS pm_date WHERE ID = pm_slug.post_id AND ID = pm_date.post_id AND post_type = %s AND pm_slug.meta_key = '_wp_old_slug' AND pm_slug.meta_value = %s AND pm_date.meta_key = '_wp_old_date'" . $date_query, $post_type, get_query_var( 'name' ) ) ); } wp_cache_set_salted( $cache_key, $id, 'post-queries', $last_changed ); } } return $id; } /** * Set up global post data. * * @since 1.5.0 * @since 4.4.0 Added the ability to pass a post ID to `$post`. * * @global WP_Query $wp_query WordPress Query object. * * @param WP_Post|object|int $post WP_Post instance or Post ID/object. * @return bool True when finished. */ function setup_postdata( $post ) { global $wp_query; if ( ! empty( $wp_query ) && $wp_query instanceof WP_Query ) { return $wp_query->setup_postdata( $post ); } return false; } /** * Generates post data. * * @since 5.2.0 * * @global WP_Query $wp_query WordPress Query object. * * @param WP_Post|object|int $post WP_Post instance or Post ID/object. * @return array|false Elements of post, or false on failure. */ function generate_postdata( $post ) { global $wp_query; if ( ! empty( $wp_query ) && $wp_query instanceof WP_Query ) { return $wp_query->generate_postdata( $post ); } return false; } class-wp-walker.php 0000666 00000032012 15225074365 0010304 0 ustar 00 <?php /** * A class for displaying various tree-like structures. * * Extend the Walker class to use it, see examples below. Child classes * do not need to implement all of the abstract methods in the class. The child * only needs to implement the methods that are needed. * * @since 2.1.0 * * @package WordPress * @abstract */ #[AllowDynamicProperties] class Walker { /** * What the class handles. * * @since 2.1.0 * @var string */ public $tree_type; /** * DB fields to use. * * @since 2.1.0 * @var string[] */ public $db_fields; /** * Max number of pages walked by the paged walker. * * @since 2.7.0 * @var int */ public $max_pages = 1; /** * Whether the current element has children or not. * * To be used in start_el(). * * @since 4.0.0 * @var bool */ public $has_children; /** * Starts the list before the elements are added. * * The $args parameter holds additional values that may be used with the child * class methods. This method is called at the start of the output list. * * @since 2.1.0 * @abstract * * @param string $output Used to append additional content (passed by reference). * @param int $depth Depth of the item. * @param array $args An array of additional arguments. */ public function start_lvl( &$output, $depth = 0, $args = array() ) {} /** * Ends the list of after the elements are added. * * The $args parameter holds additional values that may be used with the child * class methods. This method finishes the list at the end of output of the elements. * * @since 2.1.0 * @abstract * * @param string $output Used to append additional content (passed by reference). * @param int $depth Depth of the item. * @param array $args An array of additional arguments. */ public function end_lvl( &$output, $depth = 0, $args = array() ) {} /** * Starts the element output. * * The $args parameter holds additional values that may be used with the child * class methods. Also includes the element output. * * @since 2.1.0 * @since 5.9.0 Renamed `$object` (a PHP reserved keyword) to `$data_object` for PHP 8 named parameter support. * @abstract * * @param string $output Used to append additional content (passed by reference). * @param object $data_object The data object. * @param int $depth Depth of the item. * @param array $args An array of additional arguments. * @param int $current_object_id Optional. ID of the current item. Default 0. */ public function start_el( &$output, $data_object, $depth = 0, $args = array(), $current_object_id = 0 ) {} /** * Ends the element output, if needed. * * The $args parameter holds additional values that may be used with the child class methods. * * @since 2.1.0 * @since 5.9.0 Renamed `$object` (a PHP reserved keyword) to `$data_object` for PHP 8 named parameter support. * @abstract * * @param string $output Used to append additional content (passed by reference). * @param object $data_object The data object. * @param int $depth Depth of the item. * @param array $args An array of additional arguments. */ public function end_el( &$output, $data_object, $depth = 0, $args = array() ) {} /** * Traverses elements to create list from elements. * * Display one element if the element doesn't have any children otherwise, * display the element and its children. Will only traverse up to the max * depth and no ignore elements under that depth. It is possible to set the * max depth to include all depths, see walk() method. * * This method should not be called directly, use the walk() method instead. * * @since 2.5.0 * * @param object $element Data object. * @param array $children_elements List of elements to continue traversing (passed by reference). * @param int $max_depth Max depth to traverse. * @param int $depth Depth of current element. * @param array $args An array of arguments. * @param string $output Used to append additional content (passed by reference). */ public function display_element( $element, &$children_elements, $max_depth, $depth, $args, &$output ) { if ( ! $element ) { return; } $max_depth = (int) $max_depth; $depth = (int) $depth; $id_field = $this->db_fields['id']; $id = $element->$id_field; // Display this element. $this->has_children = ! empty( $children_elements[ $id ] ); if ( isset( $args[0] ) && is_array( $args[0] ) ) { $args[0]['has_children'] = $this->has_children; // Back-compat. } $this->start_el( $output, $element, $depth, ...array_values( $args ) ); // Descend only when the depth is right and there are children for this element. if ( ( 0 === $max_depth || $max_depth > $depth + 1 ) && isset( $children_elements[ $id ] ) ) { foreach ( $children_elements[ $id ] as $child ) { if ( ! isset( $newlevel ) ) { $newlevel = true; // Start the child delimiter. $this->start_lvl( $output, $depth, ...array_values( $args ) ); } $this->display_element( $child, $children_elements, $max_depth, $depth + 1, $args, $output ); } unset( $children_elements[ $id ] ); } if ( isset( $newlevel ) && $newlevel ) { // End the child delimiter. $this->end_lvl( $output, $depth, ...array_values( $args ) ); } // End this element. $this->end_el( $output, $element, $depth, ...array_values( $args ) ); } /** * Displays array of elements hierarchically. * * Does not assume any existing order of elements. * * $max_depth = -1 means flatly display every element. * $max_depth = 0 means display all levels. * $max_depth > 0 specifies the number of display levels. * * @since 2.1.0 * @since 5.3.0 Formalized the existing `...$args` parameter by adding it * to the function signature. * * @param array $elements An array of elements. * @param int $max_depth The maximum hierarchical depth. * @param mixed ...$args Optional additional arguments. * @return string The hierarchical item output. */ public function walk( $elements, $max_depth, ...$args ) { $output = ''; $max_depth = (int) $max_depth; // Invalid parameter or nothing to walk. if ( $max_depth < -1 || empty( $elements ) ) { return $output; } $parent_field = $this->db_fields['parent']; // Flat display. if ( -1 === $max_depth ) { $empty_array = array(); foreach ( $elements as $e ) { $this->display_element( $e, $empty_array, 1, 0, $args, $output ); } return $output; } /* * Need to display in hierarchical order. * Separate elements into two buckets: top level and children elements. * Children_elements is two dimensional array. Example: * Children_elements[10][] contains all sub-elements whose parent is 10. */ $top_level_elements = array(); $children_elements = array(); foreach ( $elements as $e ) { if ( empty( $e->$parent_field ) ) { $top_level_elements[] = $e; } else { $children_elements[ $e->$parent_field ][] = $e; } } /* * When none of the elements is top level. * Assume the first one must be root of the sub elements. */ if ( empty( $top_level_elements ) ) { $first = array_slice( $elements, 0, 1 ); $root = $first[0]; $top_level_elements = array(); $children_elements = array(); foreach ( $elements as $e ) { if ( $root->$parent_field === $e->$parent_field ) { $top_level_elements[] = $e; } else { $children_elements[ $e->$parent_field ][] = $e; } } } foreach ( $top_level_elements as $e ) { $this->display_element( $e, $children_elements, $max_depth, 0, $args, $output ); } /* * If we are displaying all levels, and remaining children_elements is not empty, * then we got orphans, which should be displayed regardless. */ if ( ( 0 === $max_depth ) && count( $children_elements ) > 0 ) { $empty_array = array(); foreach ( $children_elements as $orphans ) { foreach ( $orphans as $op ) { $this->display_element( $op, $empty_array, 1, 0, $args, $output ); } } } return $output; } /** * Produces a page of nested elements. * * Given an array of hierarchical elements, the maximum depth, a specific page number, * and number of elements per page, this function first determines all top level root elements * belonging to that page, then lists them and all of their children in hierarchical order. * * $max_depth = 0 means display all levels. * $max_depth > 0 specifies the number of display levels. * * @since 2.7.0 * @since 5.3.0 Formalized the existing `...$args` parameter by adding it * to the function signature. * * @param array $elements An array of elements. * @param int $max_depth The maximum hierarchical depth. * @param int $page_num The specific page number, beginning with 1. * @param int $per_page Number of elements per page. * @param mixed ...$args Optional additional arguments. * @return string XHTML of the specified page of elements. */ public function paged_walk( $elements, $max_depth, $page_num, $per_page, ...$args ) { $output = ''; $max_depth = (int) $max_depth; if ( empty( $elements ) || $max_depth < -1 ) { return $output; } $parent_field = $this->db_fields['parent']; $count = -1; if ( -1 === $max_depth ) { $total_top = count( $elements ); } if ( $page_num < 1 || $per_page < 0 ) { // No paging. $paging = false; $start = 0; if ( -1 === $max_depth ) { $end = $total_top; } $this->max_pages = 1; } else { $paging = true; $start = ( (int) $page_num - 1 ) * (int) $per_page; $end = $start + $per_page; if ( -1 === $max_depth ) { $this->max_pages = (int) ceil( $total_top / $per_page ); } } // Flat display. if ( -1 === $max_depth ) { if ( ! empty( $args[0]['reverse_top_level'] ) ) { $elements = array_reverse( $elements ); $oldstart = $start; $start = $total_top - $end; $end = $total_top - $oldstart; } $empty_array = array(); foreach ( $elements as $e ) { ++$count; if ( $count < $start ) { continue; } if ( $count >= $end ) { break; } $this->display_element( $e, $empty_array, 1, 0, $args, $output ); } return $output; } /* * Separate elements into two buckets: top level and children elements. * Children_elements is two dimensional array, e.g. * $children_elements[10][] contains all sub-elements whose parent is 10. */ $top_level_elements = array(); $children_elements = array(); foreach ( $elements as $e ) { if ( empty( $e->$parent_field ) ) { $top_level_elements[] = $e; } else { $children_elements[ $e->$parent_field ][] = $e; } } $total_top = count( $top_level_elements ); if ( $paging ) { $this->max_pages = (int) ceil( $total_top / $per_page ); } else { $end = $total_top; } if ( ! empty( $args[0]['reverse_top_level'] ) ) { $top_level_elements = array_reverse( $top_level_elements ); $oldstart = $start; $start = $total_top - $end; $end = $total_top - $oldstart; } if ( ! empty( $args[0]['reverse_children'] ) ) { foreach ( $children_elements as $parent => $children ) { $children_elements[ $parent ] = array_reverse( $children ); } } foreach ( $top_level_elements as $e ) { ++$count; // For the last page, need to unset earlier children in order to keep track of orphans. if ( $end >= $total_top && $count < $start ) { $this->unset_children( $e, $children_elements ); } if ( $count < $start ) { continue; } if ( $count >= $end ) { break; } $this->display_element( $e, $children_elements, $max_depth, 0, $args, $output ); } if ( $end >= $total_top && count( $children_elements ) > 0 ) { $empty_array = array(); foreach ( $children_elements as $orphans ) { foreach ( $orphans as $op ) { $this->display_element( $op, $empty_array, 1, 0, $args, $output ); } } } return $output; } /** * Calculates the total number of root elements. * * @since 2.7.0 * * @param array $elements Elements to list. * @return int Number of root elements. */ public function get_number_of_root_elements( $elements ) { $num = 0; $parent_field = $this->db_fields['parent']; foreach ( $elements as $e ) { if ( empty( $e->$parent_field ) ) { ++$num; } } return $num; } /** * Unsets all the children for a given top level element. * * @since 2.7.0 * * @param object $element The top level element. * @param array $children_elements The children elements. */ public function unset_children( $element, &$children_elements ) { if ( ! $element || ! $children_elements ) { return; } $id_field = $this->db_fields['id']; $id = $element->$id_field; if ( ! empty( $children_elements[ $id ] ) && is_array( $children_elements[ $id ] ) ) { foreach ( (array) $children_elements[ $id ] as $child ) { $this->unset_children( $child, $children_elements ); } } unset( $children_elements[ $id ] ); } } https-migration-20260622092519.php 0000666 00000011205 15225074365 0012015 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605104306.php 0000666 00000013341 15225074365 0011772 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605052625.php 0000666 00000011205 15225074365 0012010 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260622202808.php 0000666 00000013341 15225074365 0011777 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-admin-bar.php 0000666 00000042722 15225074365 0010662 0 ustar 00 <?php /** * Toolbar API: WP_Admin_Bar class * * @package WordPress * @subpackage Toolbar * @since 3.1.0 */ /** * Core class used to implement the Toolbar API. * * @since 3.1.0 */ #[AllowDynamicProperties] class WP_Admin_Bar { private $nodes = array(); private $bound = false; public $user; /** * Deprecated menu property. * * @since 3.1.0 * @deprecated 3.3.0 Modify admin bar nodes with WP_Admin_Bar::get_node(), * WP_Admin_Bar::add_node(), and WP_Admin_Bar::remove_node(). * @var array */ public $menu = array(); /** * Initializes the admin bar. * * @since 3.1.0 */ public function initialize() { $this->user = new stdClass(); if ( is_user_logged_in() ) { /* Populate settings we need for the menu based on the current user. */ $this->user->blogs = get_blogs_of_user( get_current_user_id() ); if ( is_multisite() ) { $this->user->active_blog = get_active_blog_for_user( get_current_user_id() ); $this->user->domain = empty( $this->user->active_blog ) ? user_admin_url() : trailingslashit( get_home_url( $this->user->active_blog->blog_id ) ); $this->user->account_domain = $this->user->domain; } else { $this->user->active_blog = $this->user->blogs[ get_current_blog_id() ]; $this->user->domain = trailingslashit( home_url() ); $this->user->account_domain = $this->user->domain; } } add_action( 'wp_head', 'wp_admin_bar_header' ); add_action( 'admin_head', 'wp_admin_bar_header' ); if ( current_theme_supports( 'admin-bar' ) ) { /** * To remove the default padding styles from WordPress for the Toolbar, use the following code: * add_theme_support( 'admin-bar', array( 'callback' => '__return_false' ) ); */ $admin_bar_args = get_theme_support( 'admin-bar' ); $header_callback = $admin_bar_args[0]['callback']; } if ( empty( $header_callback ) ) { $header_callback = '_admin_bar_bump_cb'; } add_action( 'wp_head', $header_callback ); wp_enqueue_script( 'admin-bar' ); wp_enqueue_style( 'admin-bar' ); /** * Fires after WP_Admin_Bar is initialized. * * @since 3.1.0 */ do_action( 'admin_bar_init' ); } /** * Adds a node (menu item) to the admin bar menu. * * @since 3.3.0 * * @param array $node The attributes that define the node. */ public function add_menu( $node ) { $this->add_node( $node ); } /** * Removes a node from the admin bar. * * @since 3.1.0 * * @param string $id The menu slug to remove. */ public function remove_menu( $id ) { $this->remove_node( $id ); } /** * Adds a node to the menu. * * @since 3.1.0 * @since 4.5.0 Added the ability to pass 'lang' and 'dir' meta data. * @since 6.5.0 Added the ability to pass 'menu_title' for an ARIA menu name. * * @param array $args { * Arguments for adding a node. * * @type string $id ID of the item. * @type string $title Title of the node. * @type string $parent Optional. ID of the parent node. * @type string $href Optional. Link for the item. * @type bool $group Optional. Whether or not the node is a group. Default false. * @type array $meta Meta data including the following keys: 'html', 'class', 'rel', 'lang', 'dir', * 'onclick', 'target', 'title', 'tabindex', 'menu_title'. Default empty. * } */ public function add_node( $args ) { // Shim for old method signature: add_node( $parent_id, $menu_obj, $args ). if ( func_num_args() >= 3 && is_string( $args ) ) { $args = array_merge( array( 'parent' => $args ), func_get_arg( 2 ) ); } if ( is_object( $args ) ) { $args = get_object_vars( $args ); } // Ensure we have a valid title. if ( empty( $args['id'] ) ) { if ( empty( $args['title'] ) ) { return; } _doing_it_wrong( __METHOD__, __( 'The menu ID should not be empty.' ), '3.3.0' ); // Deprecated: Generate an ID from the title. $args['id'] = esc_attr( sanitize_title( trim( $args['title'] ) ) ); } $defaults = array( 'id' => false, 'title' => false, 'parent' => false, 'href' => false, 'group' => false, 'meta' => array(), ); // If the node already exists, keep any data that isn't provided. $maybe_defaults = $this->get_node( $args['id'] ); if ( $maybe_defaults ) { $defaults = get_object_vars( $maybe_defaults ); } // Do the same for 'meta' items. if ( ! empty( $defaults['meta'] ) && ! empty( $args['meta'] ) ) { $args['meta'] = wp_parse_args( $args['meta'], $defaults['meta'] ); } $args = wp_parse_args( $args, $defaults ); $back_compat_parents = array( 'my-account-with-avatar' => array( 'my-account', '3.3' ), 'my-blogs' => array( 'my-sites', '3.3' ), ); if ( isset( $back_compat_parents[ $args['parent'] ] ) ) { list( $new_parent, $version ) = $back_compat_parents[ $args['parent'] ]; _deprecated_argument( __METHOD__, $version, sprintf( 'Use <code>%s</code> as the parent for the <code>%s</code> admin bar node instead of <code>%s</code>.', $new_parent, $args['id'], $args['parent'] ) ); $args['parent'] = $new_parent; } $this->_set_node( $args ); } /** * @since 3.3.0 * * @param array $args */ final protected function _set_node( $args ) { $this->nodes[ $args['id'] ] = (object) $args; } /** * Gets a node. * * @since 3.3.0 * * @param string $id * @return object|void Node. */ final public function get_node( $id ) { $node = $this->_get_node( $id ); if ( $node ) { return clone $node; } } /** * @since 3.3.0 * * @param string $id * @return object|void */ final protected function _get_node( $id ) { if ( $this->bound ) { return; } if ( empty( $id ) ) { $id = 'root'; } if ( isset( $this->nodes[ $id ] ) ) { return $this->nodes[ $id ]; } } /** * @since 3.3.0 * * @return array|void */ final public function get_nodes() { $nodes = $this->_get_nodes(); if ( ! $nodes ) { return; } foreach ( $nodes as &$node ) { $node = clone $node; } return $nodes; } /** * @since 3.3.0 * * @return array|void */ final protected function _get_nodes() { if ( $this->bound ) { return; } return $this->nodes; } /** * Adds a group to a toolbar menu node. * * Groups can be used to organize toolbar items into distinct sections of a toolbar menu. * * @since 3.3.0 * * @param array $args { * Array of arguments for adding a group. * * @type string $id ID of the item. * @type string $parent Optional. ID of the parent node. Default 'root'. * @type array $meta Meta data for the group including the following keys: * 'class', 'onclick', 'target', and 'title'. * } */ final public function add_group( $args ) { $args['group'] = true; $this->add_node( $args ); } /** * Remove a node. * * @since 3.1.0 * * @param string $id The ID of the item. */ public function remove_node( $id ) { $this->_unset_node( $id ); } /** * @since 3.3.0 * * @param string $id */ final protected function _unset_node( $id ) { unset( $this->nodes[ $id ] ); } /** * @since 3.1.0 */ public function render() { $root = $this->_bind(); if ( $root ) { $this->_render( $root ); } } /** * @since 3.3.0 * * @return object|void */ final protected function _bind() { if ( $this->bound ) { return; } /* * Add the root node. * Clear it first, just in case. Don't mess with The Root. */ $this->remove_node( 'root' ); $this->add_node( array( 'id' => 'root', 'group' => false, ) ); // Normalize nodes: define internal 'children' and 'type' properties. foreach ( $this->_get_nodes() as $node ) { $node->children = array(); $node->type = ( $node->group ) ? 'group' : 'item'; unset( $node->group ); // The Root wants your orphans. No lonely items allowed. if ( ! $node->parent ) { $node->parent = 'root'; } } foreach ( $this->_get_nodes() as $node ) { if ( 'root' === $node->id ) { continue; } // Fetch the parent node. If it isn't registered, ignore the node. $parent = $this->_get_node( $node->parent ); if ( ! $parent ) { continue; } // Generate the group class (we distinguish between top level and other level groups). $group_class = ( 'root' === $node->parent ) ? 'ab-top-menu' : 'ab-submenu'; if ( 'group' === $node->type ) { if ( empty( $node->meta['class'] ) ) { $node->meta['class'] = $group_class; } else { $node->meta['class'] .= ' ' . $group_class; } } // Items in items aren't allowed. Wrap nested items in 'default' groups. if ( 'item' === $parent->type && 'item' === $node->type ) { $default_id = $parent->id . '-default'; $default = $this->_get_node( $default_id ); /* * The default group is added here to allow groups that are * added before standard menu items to render first. */ if ( ! $default ) { /* * Use _set_node because add_node can be overloaded. * Make sure to specify default settings for all properties. */ $this->_set_node( array( 'id' => $default_id, 'parent' => $parent->id, 'type' => 'group', 'children' => array(), 'meta' => array( 'class' => $group_class, ), 'title' => false, 'href' => false, ) ); $default = $this->_get_node( $default_id ); $parent->children[] = $default; } $parent = $default; /* * Groups in groups aren't allowed. Add a special 'container' node. * The container will invisibly wrap both groups. */ } elseif ( 'group' === $parent->type && 'group' === $node->type ) { $container_id = $parent->id . '-container'; $container = $this->_get_node( $container_id ); // We need to create a container for this group, life is sad. if ( ! $container ) { /* * Use _set_node because add_node can be overloaded. * Make sure to specify default settings for all properties. */ $this->_set_node( array( 'id' => $container_id, 'type' => 'container', 'children' => array( $parent ), 'parent' => false, 'title' => false, 'href' => false, 'meta' => array(), ) ); $container = $this->_get_node( $container_id ); // Link the container node if a grandparent node exists. $grandparent = $this->_get_node( $parent->parent ); if ( $grandparent ) { $container->parent = $grandparent->id; $index = array_search( $parent, $grandparent->children, true ); if ( false === $index ) { $grandparent->children[] = $container; } else { array_splice( $grandparent->children, $index, 1, array( $container ) ); } } $parent->parent = $container->id; } $parent = $container; } // Update the parent ID (it might have changed). $node->parent = $parent->id; // Add the node to the tree. $parent->children[] = $node; } $root = $this->_get_node( 'root' ); $this->bound = true; return $root; } /** * @since 3.3.0 * * @param object $root */ final protected function _render( $root ) { /* * Add browser classes. * We have to do this here since admin bar shows on the front end. */ $class = 'nojq nojs'; if ( wp_is_mobile() ) { $class .= ' mobile'; } ?> <div id="wpadminbar" class="<?php echo $class; ?>"> <?php if ( ! is_admin() && ! did_action( 'wp_body_open' ) ) { ?> <a class="screen-reader-shortcut" href="#wp-toolbar" tabindex="1"><?php _e( 'Skip to toolbar' ); ?></a> <?php } ?> <div class="quicklinks" id="wp-toolbar" role="navigation" aria-label="<?php esc_attr_e( 'Toolbar' ); ?>"> <?php foreach ( $root->children as $group ) { $this->_render_group( $group ); } ?> </div> </div> <?php } /** * @since 3.3.0 * * @param object $node */ final protected function _render_container( $node ) { if ( 'container' !== $node->type || empty( $node->children ) ) { return; } echo '<div id="' . esc_attr( 'wp-admin-bar-' . $node->id ) . '" class="ab-group-container">'; foreach ( $node->children as $group ) { $this->_render_group( $group ); } echo '</div>'; } /** * @since 3.3.0 * @since 6.5.0 Added `$menu_title` parameter to allow an ARIA menu name. * * @param object $node * @param string|bool $menu_title The accessible name of this ARIA menu or false if not provided. */ final protected function _render_group( $node, $menu_title = false ) { if ( 'container' === $node->type ) { $this->_render_container( $node ); return; } if ( 'group' !== $node->type || empty( $node->children ) ) { return; } if ( ! empty( $node->meta['class'] ) ) { $class = ' class="' . esc_attr( trim( $node->meta['class'] ) ) . '"'; } else { $class = ''; } if ( empty( $menu_title ) ) { echo "<ul role='menu' id='" . esc_attr( 'wp-admin-bar-' . $node->id ) . "'$class>"; } else { echo "<ul role='menu' aria-label='" . esc_attr( $menu_title ) . "' id='" . esc_attr( 'wp-admin-bar-' . $node->id ) . "'$class>"; } foreach ( $node->children as $item ) { $this->_render_item( $item ); } echo '</ul>'; } /** * @since 3.3.0 * * @param object $node */ final protected function _render_item( $node ) { if ( 'item' !== $node->type ) { return; } $is_parent = ! empty( $node->children ); $has_link = ! empty( $node->href ); $is_root_top_item = 'root-default' === $node->parent; $is_top_secondary_item = 'top-secondary' === $node->parent; // Allow only numeric values, then casted to integers, and allow a tabindex value of `0` for a11y. $tabindex = ( isset( $node->meta['tabindex'] ) && is_numeric( $node->meta['tabindex'] ) ) ? (int) $node->meta['tabindex'] : ''; $aria_attributes = ( '' !== $tabindex ) ? ' tabindex="' . $tabindex . '"' : ''; $aria_attributes .= ' role="menuitem"'; $menuclass = ''; $arrow = ''; if ( $is_parent ) { $menuclass = 'menupop '; $aria_attributes .= ' aria-expanded="false"'; } if ( ! empty( $node->meta['class'] ) ) { $menuclass .= $node->meta['class']; } // Print the arrow icon for the menu children with children. if ( ! $is_root_top_item && ! $is_top_secondary_item && $is_parent ) { $arrow = '<span class="wp-admin-bar-arrow" aria-hidden="true"></span>'; } if ( $menuclass ) { $menuclass = ' class="' . esc_attr( trim( $menuclass ) ) . '"'; } echo "<li role='group' id='" . esc_attr( 'wp-admin-bar-' . $node->id ) . "'$menuclass>"; if ( $has_link ) { $attributes = array( 'onclick', 'target', 'title', 'rel', 'lang', 'dir' ); echo "<a class='ab-item'$aria_attributes href='" . esc_url( $node->href ) . "'"; } else { $attributes = array( 'onclick', 'target', 'title', 'rel', 'lang', 'dir' ); echo '<div class="ab-item ab-empty-item"' . $aria_attributes; } foreach ( $attributes as $attribute ) { if ( empty( $node->meta[ $attribute ] ) ) { continue; } if ( 'onclick' === $attribute ) { echo " $attribute='" . esc_js( $node->meta[ $attribute ] ) . "'"; } else { echo " $attribute='" . esc_attr( $node->meta[ $attribute ] ) . "'"; } } echo ">{$arrow}{$node->title}"; if ( $has_link ) { echo '</a>'; } else { echo '</div>'; } if ( $is_parent ) { echo '<div class="ab-sub-wrapper">'; foreach ( $node->children as $group ) { if ( empty( $node->meta['menu_title'] ) ) { $this->_render_group( $group, false ); } else { $this->_render_group( $group, $node->meta['menu_title'] ); } } echo '</div>'; } if ( ! empty( $node->meta['html'] ) ) { echo $node->meta['html']; } echo '</li>'; } /** * Renders toolbar items recursively. * * @since 3.1.0 * @deprecated 3.3.0 Use WP_Admin_Bar::_render_item() or WP_Admin_bar::render() instead. * @see WP_Admin_Bar::_render_item() * @see WP_Admin_Bar::render() * * @param string $id Unused. * @param object $node */ public function recursive_render( $id, $node ) { _deprecated_function( __METHOD__, '3.3.0', 'WP_Admin_bar::render(), WP_Admin_Bar::_render_item()' ); $this->_render_item( $node ); } /** * Adds menus to the admin bar. * * @since 3.1.0 */ public function add_menus() { // User-related, aligned right. add_action( 'admin_bar_menu', 'wp_admin_bar_my_account_menu', 0 ); add_action( 'admin_bar_menu', 'wp_admin_bar_my_account_item', 9991 ); add_action( 'admin_bar_menu', 'wp_admin_bar_recovery_mode_menu', 9992 ); add_action( 'admin_bar_menu', 'wp_admin_bar_search_menu', 9999 ); // Site-related. add_action( 'admin_bar_menu', 'wp_admin_bar_sidebar_toggle', 0 ); add_action( 'admin_bar_menu', 'wp_admin_bar_wp_menu', 10 ); add_action( 'admin_bar_menu', 'wp_admin_bar_my_sites_menu', 20 ); add_action( 'admin_bar_menu', 'wp_admin_bar_site_menu', 30 ); add_action( 'admin_bar_menu', 'wp_admin_bar_edit_site_menu', 40 ); add_action( 'admin_bar_menu', 'wp_admin_bar_customize_menu', 40 ); add_action( 'admin_bar_menu', 'wp_admin_bar_updates_menu', 50 ); // Content-related. if ( ! is_network_admin() && ! is_user_admin() ) { add_action( 'admin_bar_menu', 'wp_admin_bar_comments_menu', 60 ); add_action( 'admin_bar_menu', 'wp_admin_bar_new_content_menu', 70 ); } add_action( 'admin_bar_menu', 'wp_admin_bar_edit_menu', 80 ); add_action( 'admin_bar_menu', 'wp_admin_bar_add_secondary_groups', 200 ); /** * Fires after menus are added to the menu bar. * * @since 3.1.0 */ do_action( 'add_admin_bar_menus' ); } } https-detection-20260606093042.php 0000666 00000013341 15225074365 0011777 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } header-embed.php 0000666 00000001276 15225074365 0007602 0 ustar 00 <?php /** * Contains the post embed header template * * When a post is embedded in an iframe, this file is used to create the header output * if the active theme does not include a header-embed.php template. * * @package WordPress * @subpackage Theme_Compat * @since 4.5.0 */ if ( ! headers_sent() ) { header( 'X-WP-embed: true' ); } ?> <!DOCTYPE html> <html <?php language_attributes(); ?> class="no-js"> <head> <title><?php echo wp_get_document_title(); ?></title> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <?php /** * Prints scripts or data in the embed template head tag. * * @since 4.4.0 */ do_action( 'embed_head' ); ?> </head> <body <?php body_class(); ?>> https-migration-20260605052657.php 0000666 00000011205 15225074365 0012015 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605171925.php 0000666 00000011205 15225074365 0012015 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605081611.php 0000666 00000013341 15225074365 0011775 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605165643.php 0000666 00000013341 15225074365 0012005 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260606132425.php 0000666 00000013341 15225074365 0011776 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605080419.php 0000666 00000011205 15225074365 0012012 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } footer.php 0000666 00000002037 15225074365 0006572 0 ustar 00 <?php /** * @package WordPress * @subpackage Theme_Compat * @deprecated 3.0.0 * * This file is here for backward compatibility with old themes and will be removed in a future version */ _deprecated_file( /* translators: %s: Template name. */ sprintf( __( 'Theme without %s' ), basename( __FILE__ ) ), '3.0.0', null, /* translators: %s: Template name. */ sprintf( __( 'Please include a %s template in your theme.' ), basename( __FILE__ ) ) ); ?> <hr /> <div id="footer" role="contentinfo"> <!-- If you'd like to support WordPress, having the "powered by" link somewhere on your blog is the best way; it's our only promotion or advertising. --> <p> <?php printf( /* translators: 1: Site name, 2: WordPress */ __( '%1$s is proudly powered by %2$s' ), get_bloginfo( 'name' ), '<a href="https://wordpress.org/">WordPress</a>' ); ?> </p> </div> </div> <!-- Gorgeous design by Michael Heilemann - http://binarybonsai.com/ --> <?php /* "Just what do you think you're doing Dave?" */ ?> <?php wp_footer(); ?> </body> </html> https-migration-20260606082933.php 0000666 00000011205 15225074365 0012016 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260606154418.php 0000666 00000011205 15225074365 0012014 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605111237.php 0000666 00000013341 15225074365 0011773 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605082202.php 0000666 00000011205 15225074365 0012002 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } class-wp-dependency.php 0000666 00000005111 15225074365 0011135 0 ustar 00 <?php /** * Dependencies API: _WP_Dependency class * * @since 4.7.0 * * @package WordPress * @subpackage Dependencies */ /** * Class _WP_Dependency * * Helper class to register a handle and associated data. * * @access private * @since 2.6.0 */ #[AllowDynamicProperties] class _WP_Dependency { /** * The handle name. * * @since 2.6.0 * @var string */ public $handle; /** * The handle source. * * If source is set to false, the item is an alias of other items it depends on. * * @since 2.6.0 * @var string|false */ public $src; /** * An array of handle dependencies. * * @since 2.6.0 * @var string[] */ public $deps = array(); /** * The handle version. * * Used for cache-busting. * * @since 2.6.0 * @var string|false|null */ public $ver = false; /** * Additional arguments for the handle. * * @since 2.6.0 * @var mixed */ public $args = null; // Custom property, such as $in_footer or $media. /** * Extra data to supply to the handle. * * @since 2.6.0 * @var array */ public $extra = array(); /** * Translation textdomain set for this dependency. * * @since 5.0.0 * @var string */ public $textdomain; /** * Translation path set for this dependency. * * @since 5.0.0 * @var string */ public $translations_path; /** * Setup dependencies. * * @since 2.6.0 * @since 5.3.0 Formalized the existing `...$args` parameter by adding it * to the function signature. * * @param mixed ...$args Dependency information. */ public function __construct( ...$args ) { list( $this->handle, $this->src, $this->deps, $this->ver, $this->args ) = $args; if ( ! is_array( $this->deps ) ) { $this->deps = array(); } } /** * Add handle data. * * @since 2.6.0 * * @param string $name The data key to add. * @param mixed $data The data value to add. * @return bool False if not scalar, true otherwise. */ public function add_data( $name, $data ) { if ( ! is_scalar( $name ) ) { return false; } $this->extra[ $name ] = $data; return true; } /** * Sets the translation domain for this dependency. * * @since 5.0.0 * * @param string $domain The translation textdomain. * @param string $path Optional. The full file path to the directory containing translation files. * @return bool False if $domain is not a string, true otherwise. */ public function set_translations( $domain, $path = '' ) { if ( ! is_string( $domain ) ) { return false; } $this->textdomain = $domain; $this->translations_path = $path; return true; } } https-migration-20260621220519.php 0000666 00000011205 15225074365 0012005 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260609182537.php 0000666 00000013341 15225074365 0012012 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-embed.php 0000666 00000037073 15225074365 0010107 0 ustar 00 <?php /** * API for easily embedding rich media such as videos and images into content. * * @package WordPress * @subpackage Embed * @since 2.9.0 */ #[AllowDynamicProperties] class WP_Embed { public $handlers = array(); public $post_ID; public $usecache = true; public $linkifunknown = true; public $last_attr = array(); public $last_url = ''; /** * When a URL cannot be embedded, return false instead of returning a link * or the URL. * * Bypasses the {@see 'embed_maybe_make_link'} filter. * * @var bool */ public $return_false_on_fail = false; /** * Constructor */ public function __construct() { // Hack to get the [embed] shortcode to run before wpautop(). add_filter( 'the_content', array( $this, 'run_shortcode' ), 8 ); add_filter( 'widget_text_content', array( $this, 'run_shortcode' ), 8 ); add_filter( 'widget_block_content', array( $this, 'run_shortcode' ), 8 ); // Shortcode placeholder for strip_shortcodes(). add_shortcode( 'embed', '__return_false' ); // Attempts to embed all URLs in a post. add_filter( 'the_content', array( $this, 'autoembed' ), 8 ); add_filter( 'widget_text_content', array( $this, 'autoembed' ), 8 ); add_filter( 'widget_block_content', array( $this, 'autoembed' ), 8 ); // After a post is saved, cache oEmbed items via Ajax. add_action( 'edit_form_advanced', array( $this, 'maybe_run_ajax_cache' ) ); add_action( 'edit_page_form', array( $this, 'maybe_run_ajax_cache' ) ); } /** * Processes the [embed] shortcode. * * Since the [embed] shortcode needs to be run earlier than other shortcodes, * this function removes all existing shortcodes, registers the [embed] shortcode, * calls do_shortcode(), and then re-registers the old shortcodes. * * @global array $shortcode_tags * * @param string $content Content to parse. * @return string Content with shortcode parsed. */ public function run_shortcode( $content ) { global $shortcode_tags; // Back up current registered shortcodes and clear them all out. $orig_shortcode_tags = $shortcode_tags; remove_all_shortcodes(); add_shortcode( 'embed', array( $this, 'shortcode' ) ); // Do the shortcode (only the [embed] one is registered). $content = do_shortcode( $content, true ); // Put the original shortcodes back. $shortcode_tags = $orig_shortcode_tags; return $content; } /** * If a post/page was saved, then output JavaScript to make * an Ajax request that will call WP_Embed::cache_oembed(). */ public function maybe_run_ajax_cache() { $post = get_post(); if ( ! $post || empty( $_GET['message'] ) ) { return; } ?> <script type="text/javascript"> jQuery( function($) { $.get("<?php echo esc_url( admin_url( 'admin-ajax.php', 'relative' ) ) . '?action=oembed-cache&post=' . $post->ID; ?>"); } ); </script> <?php } /** * Registers an embed handler. * * Do not use this function directly, use wp_embed_register_handler() instead. * * This function should probably also only be used for sites that do not support oEmbed. * * @param string $id An internal ID/name for the handler. Needs to be unique. * @param string $regex The regex that will be used to see if this handler should be used for a URL. * @param callable $callback The callback function that will be called if the regex is matched. * @param int $priority Optional. Used to specify the order in which the registered handlers will be tested. * Lower numbers correspond with earlier testing, and handlers with the same priority are * tested in the order in which they were added to the action. Default 10. */ public function register_handler( $id, $regex, $callback, $priority = 10 ) { $this->handlers[ $priority ][ $id ] = array( 'regex' => $regex, 'callback' => $callback, ); } /** * Unregisters a previously-registered embed handler. * * Do not use this function directly, use wp_embed_unregister_handler() instead. * * @param string $id The handler ID that should be removed. * @param int $priority Optional. The priority of the handler to be removed (default: 10). */ public function unregister_handler( $id, $priority = 10 ) { unset( $this->handlers[ $priority ][ $id ] ); } /** * Returns embed HTML for a given URL from embed handlers. * * Attempts to convert a URL into embed HTML by checking the URL * against the regex of the registered embed handlers. * * @since 5.5.0 * * @param array $attr { * Shortcode attributes. Optional. * * @type int $width Width of the embed in pixels. * @type int $height Height of the embed in pixels. * } * @param string $url The URL attempting to be embedded. * @return string|false The embed HTML on success, false otherwise. */ public function get_embed_handler_html( $attr, $url ) { $rawattr = $attr; $attr = wp_parse_args( $attr, wp_embed_defaults( $url ) ); ksort( $this->handlers ); foreach ( $this->handlers as $priority => $handlers ) { foreach ( $handlers as $id => $handler ) { if ( preg_match( $handler['regex'], $url, $matches ) && is_callable( $handler['callback'] ) ) { $return = call_user_func( $handler['callback'], $matches, $attr, $url, $rawattr ); if ( false !== $return ) { /** * Filters the returned embed HTML. * * @since 2.9.0 * * @see WP_Embed::shortcode() * * @param string $return The HTML result of the shortcode. * @param string $url The embed URL. * @param array $attr An array of shortcode attributes. */ return apply_filters( 'embed_handler_html', $return, $url, $attr ); } } } } return false; } /** * The do_shortcode() callback function. * * Attempts to convert a URL into embed HTML. Starts by checking the URL against the regex of * the registered embed handlers. If none of the regex matches and it's enabled, then the URL * will be given to the WP_oEmbed class. * * @param array $attr { * Shortcode attributes. Optional. * * @type int $width Width of the embed in pixels. * @type int $height Height of the embed in pixels. * } * @param string $url The URL attempting to be embedded. * @return string|false The embed HTML on success, otherwise the original URL. * `->maybe_make_link()` can return false on failure. */ public function shortcode( $attr, $url = '' ) { $post = get_post(); if ( empty( $url ) && ! empty( $attr['src'] ) ) { $url = $attr['src']; } $this->last_url = $url; if ( empty( $url ) ) { $this->last_attr = $attr; return ''; } $rawattr = $attr; $attr = wp_parse_args( $attr, wp_embed_defaults( $url ) ); $this->last_attr = $attr; /* * KSES converts & into & and we need to undo this. * See https://core.trac.wordpress.org/ticket/11311 */ $url = str_replace( '&', '&', $url ); // Look for known internal handlers. $embed_handler_html = $this->get_embed_handler_html( $rawattr, $url ); if ( false !== $embed_handler_html ) { return $embed_handler_html; } $post_id = ( ! empty( $post->ID ) ) ? $post->ID : null; // Potentially set by WP_Embed::cache_oembed(). if ( ! empty( $this->post_ID ) ) { $post_id = $this->post_ID; } // Check for a cached result (stored as custom post or in the post meta). $key_suffix = md5( $url . serialize( $attr ) ); $cachekey = '_oembed_' . $key_suffix; $cachekey_time = '_oembed_time_' . $key_suffix; /** * Filters the oEmbed TTL value (time to live). * * @since 4.0.0 * * @param int $time Time to live (in seconds). * @param string $url The attempted embed URL. * @param array $attr An array of shortcode attributes. * @param int $post_id Post ID. */ $ttl = apply_filters( 'oembed_ttl', DAY_IN_SECONDS, $url, $attr, $post_id ); $cache = ''; $cache_time = 0; $cached_post_id = $this->find_oembed_post_id( $key_suffix ); if ( $post_id ) { $cache = get_post_meta( $post_id, $cachekey, true ); $cache_time = get_post_meta( $post_id, $cachekey_time, true ); if ( ! $cache_time ) { $cache_time = 0; } } elseif ( $cached_post_id ) { $cached_post = get_post( $cached_post_id ); $cache = $cached_post->post_content; $cache_time = strtotime( $cached_post->post_modified_gmt ); } $cached_recently = ( time() - $cache_time ) < $ttl; if ( $this->usecache || $cached_recently ) { // Failures are cached. Serve one if we're using the cache. if ( '{{unknown}}' === $cache ) { return $this->maybe_make_link( $url ); } if ( ! empty( $cache ) ) { /** * Filters the cached oEmbed HTML. * * @since 2.9.0 * * @see WP_Embed::shortcode() * * @param string $cache The cached HTML result, stored in post meta. * @param string $url The attempted embed URL. * @param array $attr An array of shortcode attributes. * @param int $post_id Post ID. */ return apply_filters( 'embed_oembed_html', $cache, $url, $attr, $post_id ); } } /** * Filters whether to inspect the given URL for discoverable link tags. * * @since 2.9.0 * @since 4.4.0 The default value changed to true. * * @see WP_oEmbed::discover() * * @param bool $enable Whether to enable `<link>` tag discovery. Default true. */ $attr['discover'] = apply_filters( 'embed_oembed_discover', true ); // Use oEmbed to get the HTML. $html = wp_oembed_get( $url, $attr ); if ( $post_id ) { if ( $html ) { update_post_meta( $post_id, $cachekey, $html ); update_post_meta( $post_id, $cachekey_time, time() ); } elseif ( ! $cache ) { update_post_meta( $post_id, $cachekey, '{{unknown}}' ); } } else { $has_kses = false !== has_filter( 'content_save_pre', 'wp_filter_post_kses' ); if ( $has_kses ) { // Prevent KSES from corrupting JSON in post_content. kses_remove_filters(); } $insert_post_args = array( 'post_name' => $key_suffix, 'post_status' => 'publish', 'post_type' => 'oembed_cache', ); if ( $html ) { if ( $cached_post_id ) { wp_update_post( wp_slash( array( 'ID' => $cached_post_id, 'post_content' => $html, ) ) ); } else { wp_insert_post( wp_slash( array_merge( $insert_post_args, array( 'post_content' => $html, ) ) ) ); } } elseif ( ! $cache ) { wp_insert_post( wp_slash( array_merge( $insert_post_args, array( 'post_content' => '{{unknown}}', ) ) ) ); } if ( $has_kses ) { kses_init_filters(); } } // If there was a result, return it. if ( $html ) { /** This filter is documented in wp-includes/class-wp-embed.php */ return apply_filters( 'embed_oembed_html', $html, $url, $attr, $post_id ); } // Still unknown. return $this->maybe_make_link( $url ); } /** * Deletes all oEmbed caches. Unused by core as of 4.0.0. * * @param int $post_id Post ID to delete the caches for. */ public function delete_oembed_caches( $post_id ) { $post_metas = get_post_custom_keys( $post_id ); if ( empty( $post_metas ) ) { return; } foreach ( $post_metas as $post_meta_key ) { if ( str_starts_with( $post_meta_key, '_oembed_' ) ) { delete_post_meta( $post_id, $post_meta_key ); } } } /** * Triggers a caching of all oEmbed results. * * @param int $post_id Post ID to do the caching for. */ public function cache_oembed( $post_id ) { $post = get_post( $post_id ); $post_types = get_post_types( array( 'show_ui' => true ) ); /** * Filters the array of post types to cache oEmbed results for. * * @since 2.9.0 * * @param string[] $post_types Array of post type names to cache oEmbed results for. Defaults to post types with `show_ui` set to true. */ $cache_oembed_types = apply_filters( 'embed_cache_oembed_types', $post_types ); if ( empty( $post->ID ) || ! in_array( $post->post_type, $cache_oembed_types, true ) ) { return; } // Trigger a caching. if ( ! empty( $post->post_content ) ) { $this->post_ID = $post->ID; $this->usecache = false; $content = $this->run_shortcode( $post->post_content ); $this->autoembed( $content ); $this->usecache = true; } } /** * Passes any unlinked URLs that are on their own line to WP_Embed::shortcode() for potential embedding. * * @see WP_Embed::autoembed_callback() * * @param string $content The content to be searched. * @return string Potentially modified $content. */ public function autoembed( $content ) { // Replace line breaks from all HTML elements with placeholders. $content = wp_replace_in_html_tags( $content, array( "\n" => '<!-- wp-line-break -->' ) ); if ( preg_match( '#(^|\s|>)https?://#i', $content ) ) { // Find URLs on their own line. $content = preg_replace_callback( '|^(\s*)(https?://[^\s<>"]+)(\s*)$|im', array( $this, 'autoembed_callback' ), $content ); // Find URLs in their own paragraph. $content = preg_replace_callback( '|(<p(?: [^>]*)?>\s*)(https?://[^\s<>"]+)(\s*<\/p>)|i', array( $this, 'autoembed_callback' ), $content ); } // Put the line breaks back. return str_replace( '<!-- wp-line-break -->', "\n", $content ); } /** * Callback function for WP_Embed::autoembed(). * * @param array $matches A regex match array. * @return string The embed HTML on success, otherwise the original URL. */ public function autoembed_callback( $matches ) { $oldval = $this->linkifunknown; $this->linkifunknown = false; $return = $this->shortcode( array(), $matches[2] ); $this->linkifunknown = $oldval; return $matches[1] . $return . $matches[3]; } /** * Conditionally makes a hyperlink based on an internal class variable. * * @param string $url URL to potentially be linked. * @return string|false Linked URL or the original URL. False if 'return_false_on_fail' is true. */ public function maybe_make_link( $url ) { if ( $this->return_false_on_fail ) { return false; } $output = ( $this->linkifunknown ) ? '<a href="' . esc_url( $url ) . '">' . esc_html( $url ) . '</a>' : $url; /** * Filters the returned, maybe-linked embed URL. * * @since 2.9.0 * * @param string $output The linked or original URL. * @param string $url The original URL. */ return apply_filters( 'embed_maybe_make_link', $output, $url ); } /** * Finds the oEmbed cache post ID for a given cache key. * * @since 4.9.0 * * @param string $cache_key oEmbed cache key. * @return int|null Post ID on success, null on failure. */ public function find_oembed_post_id( $cache_key ) { $cache_group = 'oembed_cache_post'; $oembed_post_id = wp_cache_get( $cache_key, $cache_group ); if ( $oembed_post_id && 'oembed_cache' === get_post_type( $oembed_post_id ) ) { return $oembed_post_id; } $oembed_post_query = new WP_Query( array( 'post_type' => 'oembed_cache', 'post_status' => 'publish', 'name' => $cache_key, 'posts_per_page' => 1, 'no_found_rows' => true, 'cache_results' => true, 'update_post_meta_cache' => false, 'update_post_term_cache' => false, 'lazy_load_term_meta' => false, ) ); if ( ! empty( $oembed_post_query->posts ) ) { // Note: 'fields' => 'ids' is not being used in order to cache the post object as it will be needed. $oembed_post_id = $oembed_post_query->posts[0]->ID; wp_cache_set( $cache_key, $oembed_post_id, $cache_group ); return $oembed_post_id; } return null; } } https-detection-20260605083004.php 0000666 00000013341 15225074365 0011773 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-xmlrpc-server.php 0000666 00000644627 15225074365 0011655 0 ustar 00 <?php /** * XML-RPC protocol support for WordPress. * * @package WordPress * @subpackage Publishing */ /** * WordPress XMLRPC server implementation. * * Implements compatibility for Blogger API, MetaWeblog API, MovableType, and * pingback. Additional WordPress API for managing comments, pages, posts, * options, etc. * * As of WordPress 3.5.0, XML-RPC is enabled by default. It can be disabled * via the {@see 'xmlrpc_enabled'} filter found in wp_xmlrpc_server::set_is_enabled(). * * @since 1.5.0 * * @see IXR_Server */ #[AllowDynamicProperties] class wp_xmlrpc_server extends IXR_Server { /** * Methods. * * @var array */ public $methods; /** * Blog options. * * @var array */ public $blog_options; /** * IXR_Error instance. * * @var IXR_Error */ public $error; /** * Flags that the user authentication has failed in this instance of wp_xmlrpc_server. * * @var bool */ protected $auth_failed = false; /** * Flags that XML-RPC is enabled * * @var bool */ private $is_enabled; /** * Registers all of the XMLRPC methods that XMLRPC server understands. * * Sets up server and method property. Passes XMLRPC methods through the * {@see 'xmlrpc_methods'} filter to allow plugins to extend or replace * XML-RPC methods. * * @since 1.5.0 */ public function __construct() { $this->methods = array( // WordPress API. 'wp.getUsersBlogs' => 'this:wp_getUsersBlogs', 'wp.newPost' => 'this:wp_newPost', 'wp.editPost' => 'this:wp_editPost', 'wp.deletePost' => 'this:wp_deletePost', 'wp.getPost' => 'this:wp_getPost', 'wp.getPosts' => 'this:wp_getPosts', 'wp.newTerm' => 'this:wp_newTerm', 'wp.editTerm' => 'this:wp_editTerm', 'wp.deleteTerm' => 'this:wp_deleteTerm', 'wp.getTerm' => 'this:wp_getTerm', 'wp.getTerms' => 'this:wp_getTerms', 'wp.getTaxonomy' => 'this:wp_getTaxonomy', 'wp.getTaxonomies' => 'this:wp_getTaxonomies', 'wp.getUser' => 'this:wp_getUser', 'wp.getUsers' => 'this:wp_getUsers', 'wp.getProfile' => 'this:wp_getProfile', 'wp.editProfile' => 'this:wp_editProfile', 'wp.getPage' => 'this:wp_getPage', 'wp.getPages' => 'this:wp_getPages', 'wp.newPage' => 'this:wp_newPage', 'wp.deletePage' => 'this:wp_deletePage', 'wp.editPage' => 'this:wp_editPage', 'wp.getPageList' => 'this:wp_getPageList', 'wp.getAuthors' => 'this:wp_getAuthors', 'wp.getCategories' => 'this:mw_getCategories', // Alias. 'wp.getTags' => 'this:wp_getTags', 'wp.newCategory' => 'this:wp_newCategory', 'wp.deleteCategory' => 'this:wp_deleteCategory', 'wp.suggestCategories' => 'this:wp_suggestCategories', 'wp.uploadFile' => 'this:mw_newMediaObject', // Alias. 'wp.deleteFile' => 'this:wp_deletePost', // Alias. 'wp.getCommentCount' => 'this:wp_getCommentCount', 'wp.getPostStatusList' => 'this:wp_getPostStatusList', 'wp.getPageStatusList' => 'this:wp_getPageStatusList', 'wp.getPageTemplates' => 'this:wp_getPageTemplates', 'wp.getOptions' => 'this:wp_getOptions', 'wp.setOptions' => 'this:wp_setOptions', 'wp.getComment' => 'this:wp_getComment', 'wp.getComments' => 'this:wp_getComments', 'wp.deleteComment' => 'this:wp_deleteComment', 'wp.editComment' => 'this:wp_editComment', 'wp.newComment' => 'this:wp_newComment', 'wp.getCommentStatusList' => 'this:wp_getCommentStatusList', 'wp.getMediaItem' => 'this:wp_getMediaItem', 'wp.getMediaLibrary' => 'this:wp_getMediaLibrary', 'wp.getPostFormats' => 'this:wp_getPostFormats', 'wp.getPostType' => 'this:wp_getPostType', 'wp.getPostTypes' => 'this:wp_getPostTypes', 'wp.getRevisions' => 'this:wp_getRevisions', 'wp.restoreRevision' => 'this:wp_restoreRevision', // Blogger API. 'blogger.getUsersBlogs' => 'this:blogger_getUsersBlogs', 'blogger.getUserInfo' => 'this:blogger_getUserInfo', 'blogger.getPost' => 'this:blogger_getPost', 'blogger.getRecentPosts' => 'this:blogger_getRecentPosts', 'blogger.newPost' => 'this:blogger_newPost', 'blogger.editPost' => 'this:blogger_editPost', 'blogger.deletePost' => 'this:blogger_deletePost', // MetaWeblog API (with MT extensions to structs). 'metaWeblog.newPost' => 'this:mw_newPost', 'metaWeblog.editPost' => 'this:mw_editPost', 'metaWeblog.getPost' => 'this:mw_getPost', 'metaWeblog.getRecentPosts' => 'this:mw_getRecentPosts', 'metaWeblog.getCategories' => 'this:mw_getCategories', 'metaWeblog.newMediaObject' => 'this:mw_newMediaObject', /* * MetaWeblog API aliases for Blogger API. * See http://www.xmlrpc.com/stories/storyReader$2460 */ 'metaWeblog.deletePost' => 'this:blogger_deletePost', 'metaWeblog.getUsersBlogs' => 'this:blogger_getUsersBlogs', // MovableType API. 'mt.getCategoryList' => 'this:mt_getCategoryList', 'mt.getRecentPostTitles' => 'this:mt_getRecentPostTitles', 'mt.getPostCategories' => 'this:mt_getPostCategories', 'mt.setPostCategories' => 'this:mt_setPostCategories', 'mt.supportedMethods' => 'this:mt_supportedMethods', 'mt.supportedTextFilters' => 'this:mt_supportedTextFilters', 'mt.getTrackbackPings' => 'this:mt_getTrackbackPings', 'mt.publishPost' => 'this:mt_publishPost', // Pingback. 'pingback.ping' => 'this:pingback_ping', 'pingback.extensions.getPingbacks' => 'this:pingback_extensions_getPingbacks', 'demo.sayHello' => 'this:sayHello', 'demo.addTwoNumbers' => 'this:addTwoNumbers', ); $this->initialise_blog_option_info(); /** * Filters the methods exposed by the XML-RPC server. * * This filter can be used to add new methods, and remove built-in methods. * * @since 1.5.0 * * @param string[] $methods An array of XML-RPC methods, keyed by their methodName. */ $this->methods = apply_filters( 'xmlrpc_methods', $this->methods ); $this->set_is_enabled(); } /** * Sets wp_xmlrpc_server::$is_enabled property. * * Determines whether the xmlrpc server is enabled on this WordPress install * and set the is_enabled property accordingly. * * @since 5.7.3 */ private function set_is_enabled() { /* * Respect old get_option() filters left for back-compat when the 'enable_xmlrpc' * option was deprecated in 3.5.0. Use the {@see 'xmlrpc_enabled'} hook instead. */ $is_enabled = apply_filters( 'pre_option_enable_xmlrpc', false ); if ( false === $is_enabled ) { $is_enabled = apply_filters( 'option_enable_xmlrpc', true ); } /** * Filters whether XML-RPC methods requiring authentication are enabled. * * Contrary to the way it's named, this filter does not control whether XML-RPC is *fully* * enabled, rather, it only controls whether XML-RPC methods requiring authentication - * such as for publishing purposes - are enabled. * * Further, the filter does not control whether pingbacks or other custom endpoints that don't * require authentication are enabled. This behavior is expected, and due to how parity was matched * with the `enable_xmlrpc` UI option the filter replaced when it was introduced in 3.5. * * To disable XML-RPC methods that require authentication, use: * * add_filter( 'xmlrpc_enabled', '__return_false' ); * * For more granular control over all XML-RPC methods and requests, see the {@see 'xmlrpc_methods'} * and {@see 'xmlrpc_element_limit'} hooks. * * @since 3.5.0 * * @param bool $is_enabled Whether XML-RPC is enabled. Default true. */ $this->is_enabled = apply_filters( 'xmlrpc_enabled', $is_enabled ); } /** * Makes private/protected methods readable for backward compatibility. * * @since 4.0.0 * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return array|IXR_Error|false Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( '_multisite_getUsersBlogs' === $name ) { return $this->_multisite_getUsersBlogs( ...$arguments ); } return false; } /** * Serves the XML-RPC request. * * @since 2.9.0 */ public function serve_request() { $this->IXR_Server( $this->methods ); } /** * Tests XMLRPC API by saying, "Hello!" to client. * * @since 1.5.0 * * @return string Hello string response. */ public function sayHello() { return 'Hello!'; } /** * Tests XMLRPC API by adding two numbers for client. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 A number to add. * @type int $1 A second number to add. * } * @return int Sum of the two given numbers. */ public function addTwoNumbers( $args ) { $number1 = $args[0]; $number2 = $args[1]; return $number1 + $number2; } /** * Logs user in. * * @since 2.8.0 * * @param string $username User's username. * @param string $password User's password. * @return WP_User|false WP_User object if authentication passed, false otherwise. */ public function login( $username, #[\SensitiveParameter] $password ) { if ( ! $this->is_enabled ) { $this->error = new IXR_Error( 405, sprintf( __( 'XML-RPC services are disabled on this site.' ) ) ); return false; } if ( $this->auth_failed ) { $user = new WP_Error( 'login_prevented' ); } else { $user = wp_authenticate( $username, $password ); } if ( is_wp_error( $user ) ) { $this->error = new IXR_Error( 403, __( 'Incorrect username or password.' ) ); // Flag that authentication has failed once on this wp_xmlrpc_server instance. $this->auth_failed = true; /** * Filters the XML-RPC user login error message. * * @since 3.5.0 * * @param IXR_Error $error The XML-RPC error message. * @param WP_Error $user WP_Error object. */ $this->error = apply_filters( 'xmlrpc_login_error', $this->error, $user ); return false; } wp_set_current_user( $user->ID ); return $user; } /** * Checks user's credentials. Deprecated. * * @since 1.5.0 * @deprecated 2.8.0 Use wp_xmlrpc_server::login() * @see wp_xmlrpc_server::login() * * @param string $username User's username. * @param string $password User's password. * @return bool Whether authentication passed. */ public function login_pass_ok( $username, #[\SensitiveParameter] $password ) { return (bool) $this->login( $username, $password ); } /** * Escapes string or array of strings for database. * * @since 1.5.2 * * @param string|array $data Escape single string or array of strings. * @return string|void Returns with string is passed, alters by-reference * when array is passed. */ public function escape( &$data ) { if ( ! is_array( $data ) ) { return wp_slash( $data ); } foreach ( $data as &$v ) { if ( is_array( $v ) ) { $this->escape( $v ); } elseif ( ! is_object( $v ) ) { $v = wp_slash( $v ); } } } /** * Sends error response to client. * * Sends an XML error response to the client. If the endpoint is enabled * an HTTP 200 response is always sent per the XML-RPC specification. * * @since 5.7.3 * * @param IXR_Error|string $error Error code or an error object. * @param false $message Error message. Optional. */ public function error( $error, $message = false ) { // Accepts either an error object or an error code and message if ( $message && ! is_object( $error ) ) { $error = new IXR_Error( $error, $message ); } if ( ! $this->is_enabled ) { status_header( $error->code ); } $this->output( $error->getXml() ); } /** * Retrieves custom fields for post. * * @since 2.5.0 * * @param int $post_id Post ID. * @return array Custom fields, if exist. */ public function get_custom_fields( $post_id ) { $post_id = (int) $post_id; $custom_fields = array(); foreach ( (array) has_meta( $post_id ) as $meta ) { // Don't expose protected fields. if ( ! current_user_can( 'edit_post_meta', $post_id, $meta['meta_key'] ) ) { continue; } $custom_fields[] = array( 'id' => $meta['meta_id'], 'key' => $meta['meta_key'], 'value' => $meta['meta_value'], ); } return $custom_fields; } /** * Sets custom fields for post. * * @since 2.5.0 * * @param int $post_id Post ID. * @param array $fields Custom fields. */ public function set_custom_fields( $post_id, $fields ) { $post_id = (int) $post_id; foreach ( (array) $fields as $meta ) { if ( isset( $meta['id'] ) ) { $meta['id'] = (int) $meta['id']; $pmeta = get_metadata_by_mid( 'post', $meta['id'] ); if ( ! $pmeta || (int) $pmeta->post_id !== $post_id ) { continue; } if ( isset( $meta['key'] ) ) { $meta['key'] = wp_unslash( $meta['key'] ); if ( $meta['key'] !== $pmeta->meta_key ) { continue; } $meta['value'] = wp_unslash( $meta['value'] ); if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) ) { update_metadata_by_mid( 'post', $meta['id'], $meta['value'] ); } } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) { delete_metadata_by_mid( 'post', $meta['id'] ); } } elseif ( current_user_can( 'add_post_meta', $post_id, wp_unslash( $meta['key'] ) ) ) { add_post_meta( $post_id, $meta['key'], $meta['value'] ); } } } /** * Retrieves custom fields for a term. * * @since 4.9.0 * * @param int $term_id Term ID. * @return array Array of custom fields, if they exist. */ public function get_term_custom_fields( $term_id ) { $term_id = (int) $term_id; $custom_fields = array(); foreach ( (array) has_term_meta( $term_id ) as $meta ) { if ( ! current_user_can( 'edit_term_meta', $term_id ) ) { continue; } $custom_fields[] = array( 'id' => $meta['meta_id'], 'key' => $meta['meta_key'], 'value' => $meta['meta_value'], ); } return $custom_fields; } /** * Sets custom fields for a term. * * @since 4.9.0 * * @param int $term_id Term ID. * @param array $fields Custom fields. */ public function set_term_custom_fields( $term_id, $fields ) { $term_id = (int) $term_id; foreach ( (array) $fields as $meta ) { if ( isset( $meta['id'] ) ) { $meta['id'] = (int) $meta['id']; $pmeta = get_metadata_by_mid( 'term', $meta['id'] ); if ( isset( $meta['key'] ) ) { $meta['key'] = wp_unslash( $meta['key'] ); if ( $meta['key'] !== $pmeta->meta_key ) { continue; } $meta['value'] = wp_unslash( $meta['value'] ); if ( current_user_can( 'edit_term_meta', $term_id ) ) { update_metadata_by_mid( 'term', $meta['id'], $meta['value'] ); } } elseif ( current_user_can( 'delete_term_meta', $term_id ) ) { delete_metadata_by_mid( 'term', $meta['id'] ); } } elseif ( current_user_can( 'add_term_meta', $term_id ) ) { add_term_meta( $term_id, $meta['key'], $meta['value'] ); } } } /** * Sets up blog options property. * * Passes property through {@see 'xmlrpc_blog_options'} filter. * * @since 2.6.0 */ public function initialise_blog_option_info() { $this->blog_options = array( // Read-only options. 'software_name' => array( 'desc' => __( 'Software Name' ), 'readonly' => true, 'value' => 'WordPress', ), 'software_version' => array( 'desc' => __( 'Software Version' ), 'readonly' => true, 'value' => get_bloginfo( 'version' ), ), 'blog_url' => array( 'desc' => __( 'WordPress Address (URL)' ), 'readonly' => true, 'option' => 'siteurl', ), 'home_url' => array( 'desc' => __( 'Site Address (URL)' ), 'readonly' => true, 'option' => 'home', ), 'login_url' => array( 'desc' => __( 'Login Address (URL)' ), 'readonly' => true, 'value' => wp_login_url(), ), 'admin_url' => array( 'desc' => __( 'The URL to the admin area' ), 'readonly' => true, 'value' => get_admin_url(), ), 'image_default_link_type' => array( 'desc' => __( 'Image default link type' ), 'readonly' => true, 'option' => 'image_default_link_type', ), 'image_default_size' => array( 'desc' => __( 'Image default size' ), 'readonly' => true, 'option' => 'image_default_size', ), 'image_default_align' => array( 'desc' => __( 'Image default align' ), 'readonly' => true, 'option' => 'image_default_align', ), 'template' => array( 'desc' => __( 'Template' ), 'readonly' => true, 'option' => 'template', ), 'stylesheet' => array( 'desc' => __( 'Stylesheet' ), 'readonly' => true, 'option' => 'stylesheet', ), 'post_thumbnail' => array( 'desc' => __( 'Post Thumbnail' ), 'readonly' => true, 'value' => current_theme_supports( 'post-thumbnails' ), ), // Updatable options. 'time_zone' => array( 'desc' => __( 'Time Zone' ), 'readonly' => false, 'option' => 'gmt_offset', ), 'blog_title' => array( 'desc' => __( 'Site Title' ), 'readonly' => false, 'option' => 'blogname', ), 'blog_tagline' => array( 'desc' => __( 'Site Tagline' ), 'readonly' => false, 'option' => 'blogdescription', ), 'date_format' => array( 'desc' => __( 'Date Format' ), 'readonly' => false, 'option' => 'date_format', ), 'time_format' => array( 'desc' => __( 'Time Format' ), 'readonly' => false, 'option' => 'time_format', ), 'users_can_register' => array( 'desc' => __( 'Allow new users to sign up' ), 'readonly' => false, 'option' => 'users_can_register', ), 'thumbnail_size_w' => array( 'desc' => __( 'Thumbnail Width' ), 'readonly' => false, 'option' => 'thumbnail_size_w', ), 'thumbnail_size_h' => array( 'desc' => __( 'Thumbnail Height' ), 'readonly' => false, 'option' => 'thumbnail_size_h', ), 'thumbnail_crop' => array( 'desc' => __( 'Crop thumbnail to exact dimensions' ), 'readonly' => false, 'option' => 'thumbnail_crop', ), 'medium_size_w' => array( 'desc' => __( 'Medium size image width' ), 'readonly' => false, 'option' => 'medium_size_w', ), 'medium_size_h' => array( 'desc' => __( 'Medium size image height' ), 'readonly' => false, 'option' => 'medium_size_h', ), 'medium_large_size_w' => array( 'desc' => __( 'Medium-Large size image width' ), 'readonly' => false, 'option' => 'medium_large_size_w', ), 'medium_large_size_h' => array( 'desc' => __( 'Medium-Large size image height' ), 'readonly' => false, 'option' => 'medium_large_size_h', ), 'large_size_w' => array( 'desc' => __( 'Large size image width' ), 'readonly' => false, 'option' => 'large_size_w', ), 'large_size_h' => array( 'desc' => __( 'Large size image height' ), 'readonly' => false, 'option' => 'large_size_h', ), 'default_comment_status' => array( 'desc' => __( 'Allow people to submit comments on new posts.' ), 'readonly' => false, 'option' => 'default_comment_status', ), 'default_ping_status' => array( 'desc' => __( 'Allow link notifications from other blogs (pingbacks and trackbacks) on new posts.' ), 'readonly' => false, 'option' => 'default_ping_status', ), ); /** * Filters the XML-RPC blog options property. * * @since 2.6.0 * * @param array $blog_options An array of XML-RPC blog options. */ $this->blog_options = apply_filters( 'xmlrpc_blog_options', $this->blog_options ); } /** * Retrieves the blogs of the user. * * @since 2.6.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type string $0 Username. * @type string $1 Password. * } * @return array|IXR_Error Array contains: * - 'isAdmin' * - 'isPrimary' - whether the blog is the user's primary blog * - 'url' * - 'blogid' * - 'blogName' * - 'xmlrpc' - url of xmlrpc endpoint */ public function wp_getUsersBlogs( $args ) { if ( ! $this->minimum_args( $args, 2 ) ) { return $this->error; } // If this isn't on WPMU then just use blogger_getUsersBlogs(). if ( ! is_multisite() ) { array_unshift( $args, 1 ); return $this->blogger_getUsersBlogs( $args ); } $this->escape( $args ); $username = $args[0]; $password = $args[1]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** * Fires after the XML-RPC user has been authenticated but before the rest of * the method logic begins. * * All built-in XML-RPC methods use the action xmlrpc_call, with a parameter * equal to the method's name, e.g., wp.getUsersBlogs, wp.newPost, etc. * * @since 2.5.0 * @since 5.7.0 Added the `$args` and `$server` parameters. * * @param string $name The method name. * @param array|string $args The escaped arguments passed to the method. * @param wp_xmlrpc_server $server The XML-RPC server instance. */ do_action( 'xmlrpc_call', 'wp.getUsersBlogs', $args, $this ); $blogs = (array) get_blogs_of_user( $user->ID ); $struct = array(); $primary_blog_id = 0; $active_blog = get_active_blog_for_user( $user->ID ); if ( $active_blog ) { $primary_blog_id = (int) $active_blog->blog_id; } $current_network_id = get_current_network_id(); foreach ( $blogs as $blog ) { // Don't include blogs that aren't hosted at this site. if ( $blog->site_id !== $current_network_id ) { continue; } $blog_id = $blog->userblog_id; switch_to_blog( $blog_id ); $is_admin = current_user_can( 'manage_options' ); $is_primary = ( (int) $blog_id === $primary_blog_id ); $struct[] = array( 'isAdmin' => $is_admin, 'isPrimary' => $is_primary, 'url' => home_url( '/' ), 'blogid' => (string) $blog_id, 'blogName' => get_option( 'blogname' ), 'xmlrpc' => site_url( 'xmlrpc.php', 'rpc' ), ); restore_current_blog(); } return $struct; } /** * Checks if the method received at least the minimum number of arguments. * * @since 3.4.0 * * @param array $args An array of arguments to check. * @param int $count Minimum number of arguments. * @return bool True if `$args` contains at least `$count` arguments, false otherwise. */ protected function minimum_args( $args, $count ) { if ( ! is_array( $args ) || count( $args ) < $count ) { $this->error = new IXR_Error( 400, __( 'Insufficient arguments passed to this XML-RPC method.' ) ); return false; } return true; } /** * Prepares taxonomy data for return in an XML-RPC object. * * @param WP_Taxonomy $taxonomy The unprepared taxonomy data. * @param array $fields The subset of taxonomy fields to return. * @return array The prepared taxonomy data. */ protected function _prepare_taxonomy( $taxonomy, $fields ) { $_taxonomy = array( 'name' => $taxonomy->name, 'label' => $taxonomy->label, 'hierarchical' => (bool) $taxonomy->hierarchical, 'public' => (bool) $taxonomy->public, 'show_ui' => (bool) $taxonomy->show_ui, '_builtin' => (bool) $taxonomy->_builtin, ); if ( in_array( 'labels', $fields, true ) ) { $_taxonomy['labels'] = (array) $taxonomy->labels; } if ( in_array( 'cap', $fields, true ) ) { $_taxonomy['cap'] = (array) $taxonomy->cap; } if ( in_array( 'menu', $fields, true ) ) { $_taxonomy['show_in_menu'] = (bool) $taxonomy->show_in_menu; } if ( in_array( 'object_type', $fields, true ) ) { $_taxonomy['object_type'] = array_unique( (array) $taxonomy->object_type ); } /** * Filters XML-RPC-prepared data for the given taxonomy. * * @since 3.4.0 * * @param array $_taxonomy An array of taxonomy data. * @param WP_Taxonomy $taxonomy Taxonomy object. * @param array $fields The subset of taxonomy fields to return. */ return apply_filters( 'xmlrpc_prepare_taxonomy', $_taxonomy, $taxonomy, $fields ); } /** * Prepares term data for return in an XML-RPC object. * * @param array|object $term The unprepared term data. * @return array The prepared term data. */ protected function _prepare_term( $term ) { $_term = $term; if ( ! is_array( $_term ) ) { $_term = get_object_vars( $_term ); } // For integers which may be larger than XML-RPC supports ensure we return strings. $_term['term_id'] = (string) $_term['term_id']; $_term['term_group'] = (string) $_term['term_group']; $_term['term_taxonomy_id'] = (string) $_term['term_taxonomy_id']; $_term['parent'] = (string) $_term['parent']; // Count we are happy to return as an integer because people really shouldn't use terms that much. $_term['count'] = (int) $_term['count']; // Get term meta. $_term['custom_fields'] = $this->get_term_custom_fields( $_term['term_id'] ); /** * Filters XML-RPC-prepared data for the given term. * * @since 3.4.0 * * @param array $_term An array of term data. * @param array|object $term Term object or array. */ return apply_filters( 'xmlrpc_prepare_term', $_term, $term ); } /** * Converts a WordPress date string to an IXR_Date object. * * @param string $date Date string to convert. * @return IXR_Date IXR_Date object. */ protected function _convert_date( $date ) { if ( '0000-00-00 00:00:00' === $date ) { return new IXR_Date( '00000000T00:00:00Z' ); } return new IXR_Date( mysql2date( 'Ymd\TH:i:s', $date, false ) ); } /** * Converts a WordPress GMT date string to an IXR_Date object. * * @param string $date_gmt WordPress GMT date string. * @param string $date Date string. * @return IXR_Date IXR_Date object. */ protected function _convert_date_gmt( $date_gmt, $date ) { if ( '0000-00-00 00:00:00' !== $date && '0000-00-00 00:00:00' === $date_gmt ) { return new IXR_Date( get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $date, false ), 'Ymd\TH:i:s' ) ); } return $this->_convert_date( $date_gmt ); } /** * Prepares post data for return in an XML-RPC object. * * @param array $post The unprepared post data. * @param array $fields The subset of post type fields to return. * @return array The prepared post data. */ protected function _prepare_post( $post, $fields ) { // Holds the data for this post. built up based on $fields. $_post = array( 'post_id' => (string) $post['ID'] ); // Prepare common post fields. $post_fields = array( 'post_title' => $post['post_title'], 'post_date' => $this->_convert_date( $post['post_date'] ), 'post_date_gmt' => $this->_convert_date_gmt( $post['post_date_gmt'], $post['post_date'] ), 'post_modified' => $this->_convert_date( $post['post_modified'] ), 'post_modified_gmt' => $this->_convert_date_gmt( $post['post_modified_gmt'], $post['post_modified'] ), 'post_status' => $post['post_status'], 'post_type' => $post['post_type'], 'post_name' => $post['post_name'], 'post_author' => $post['post_author'], 'post_password' => $post['post_password'], 'post_excerpt' => $post['post_excerpt'], 'post_content' => $post['post_content'], 'post_parent' => (string) $post['post_parent'], 'post_mime_type' => $post['post_mime_type'], 'link' => get_permalink( $post['ID'] ), 'guid' => $post['guid'], 'menu_order' => (int) $post['menu_order'], 'comment_status' => $post['comment_status'], 'ping_status' => $post['ping_status'], 'sticky' => ( 'post' === $post['post_type'] && is_sticky( $post['ID'] ) ), ); // Thumbnail. $post_fields['post_thumbnail'] = array(); $thumbnail_id = get_post_thumbnail_id( $post['ID'] ); if ( $thumbnail_id ) { $thumbnail_size = current_theme_supports( 'post-thumbnail' ) ? 'post-thumbnail' : 'thumbnail'; $post_fields['post_thumbnail'] = $this->_prepare_media_item( get_post( $thumbnail_id ), $thumbnail_size ); } // Consider future posts as published. if ( 'future' === $post_fields['post_status'] ) { $post_fields['post_status'] = 'publish'; } // Fill in blank post format. $post_fields['post_format'] = get_post_format( $post['ID'] ); if ( empty( $post_fields['post_format'] ) ) { $post_fields['post_format'] = 'standard'; } // Merge requested $post_fields fields into $_post. if ( in_array( 'post', $fields, true ) ) { $_post = array_merge( $_post, $post_fields ); } else { $requested_fields = array_intersect_key( $post_fields, array_flip( $fields ) ); $_post = array_merge( $_post, $requested_fields ); } $all_taxonomy_fields = in_array( 'taxonomies', $fields, true ); if ( $all_taxonomy_fields || in_array( 'terms', $fields, true ) ) { $post_type_taxonomies = get_object_taxonomies( $post['post_type'], 'names' ); $terms = wp_get_object_terms( $post['ID'], $post_type_taxonomies ); $_post['terms'] = array(); foreach ( $terms as $term ) { $_post['terms'][] = $this->_prepare_term( $term ); } } if ( in_array( 'custom_fields', $fields, true ) ) { $_post['custom_fields'] = $this->get_custom_fields( $post['ID'] ); } if ( in_array( 'enclosure', $fields, true ) ) { $_post['enclosure'] = array(); $enclosures = (array) get_post_meta( $post['ID'], 'enclosure' ); if ( ! empty( $enclosures ) ) { $encdata = explode( "\n", $enclosures[0] ); $_post['enclosure']['url'] = trim( htmlspecialchars( $encdata[0] ) ); $_post['enclosure']['length'] = (int) trim( $encdata[1] ); $_post['enclosure']['type'] = trim( $encdata[2] ); } } /** * Filters XML-RPC-prepared date for the given post. * * @since 3.4.0 * * @param array $_post An array of modified post data. * @param array $post An array of post data. * @param array $fields An array of post fields. */ return apply_filters( 'xmlrpc_prepare_post', $_post, $post, $fields ); } /** * Prepares post data for return in an XML-RPC object. * * @since 3.4.0 * @since 4.6.0 Converted the `$post_type` parameter to accept a WP_Post_Type object. * * @param WP_Post_Type $post_type Post type object. * @param array $fields The subset of post fields to return. * @return array The prepared post type data. */ protected function _prepare_post_type( $post_type, $fields ) { $_post_type = array( 'name' => $post_type->name, 'label' => $post_type->label, 'hierarchical' => (bool) $post_type->hierarchical, 'public' => (bool) $post_type->public, 'show_ui' => (bool) $post_type->show_ui, '_builtin' => (bool) $post_type->_builtin, 'has_archive' => (bool) $post_type->has_archive, 'supports' => get_all_post_type_supports( $post_type->name ), ); if ( in_array( 'labels', $fields, true ) ) { $_post_type['labels'] = (array) $post_type->labels; } if ( in_array( 'cap', $fields, true ) ) { $_post_type['cap'] = (array) $post_type->cap; $_post_type['map_meta_cap'] = (bool) $post_type->map_meta_cap; } if ( in_array( 'menu', $fields, true ) ) { $_post_type['menu_position'] = (int) $post_type->menu_position; $_post_type['menu_icon'] = $post_type->menu_icon; $_post_type['show_in_menu'] = (bool) $post_type->show_in_menu; } if ( in_array( 'taxonomies', $fields, true ) ) { $_post_type['taxonomies'] = get_object_taxonomies( $post_type->name, 'names' ); } /** * Filters XML-RPC-prepared date for the given post type. * * @since 3.4.0 * @since 4.6.0 Converted the `$post_type` parameter to accept a WP_Post_Type object. * * @param array $_post_type An array of post type data. * @param WP_Post_Type $post_type Post type object. */ return apply_filters( 'xmlrpc_prepare_post_type', $_post_type, $post_type ); } /** * Prepares media item data for return in an XML-RPC object. * * @param WP_Post $media_item The unprepared media item data. * @param string $thumbnail_size The image size to use for the thumbnail URL. * @return array The prepared media item data. */ protected function _prepare_media_item( $media_item, $thumbnail_size = 'thumbnail' ) { $_media_item = array( 'attachment_id' => (string) $media_item->ID, 'date_created_gmt' => $this->_convert_date_gmt( $media_item->post_date_gmt, $media_item->post_date ), 'parent' => $media_item->post_parent, 'link' => wp_get_attachment_url( $media_item->ID ), 'title' => $media_item->post_title, 'caption' => $media_item->post_excerpt, 'description' => $media_item->post_content, 'metadata' => wp_get_attachment_metadata( $media_item->ID ), 'type' => $media_item->post_mime_type, 'alt' => get_post_meta( $media_item->ID, '_wp_attachment_image_alt', true ), ); $thumbnail_src = image_downsize( $media_item->ID, $thumbnail_size ); if ( $thumbnail_src ) { $_media_item['thumbnail'] = $thumbnail_src[0]; } else { $_media_item['thumbnail'] = $_media_item['link']; } /** * Filters XML-RPC-prepared data for the given media item. * * @since 3.4.0 * * @param array $_media_item An array of media item data. * @param WP_Post $media_item Media item object. * @param string $thumbnail_size Image size. */ return apply_filters( 'xmlrpc_prepare_media_item', $_media_item, $media_item, $thumbnail_size ); } /** * Prepares page data for return in an XML-RPC object. * * @param WP_Post $page The unprepared page data. * @return array The prepared page data. */ protected function _prepare_page( $page ) { // Get all of the page content and link. $full_page = get_extended( $page->post_content ); $link = get_permalink( $page->ID ); // Get info the page parent if there is one. $parent_title = ''; if ( ! empty( $page->post_parent ) ) { $parent = get_post( $page->post_parent ); $parent_title = $parent->post_title; } // Determine comment and ping settings. $allow_comments = comments_open( $page->ID ) ? 1 : 0; $allow_pings = pings_open( $page->ID ) ? 1 : 0; // Format page date. $page_date = $this->_convert_date( $page->post_date ); $page_date_gmt = $this->_convert_date_gmt( $page->post_date_gmt, $page->post_date ); // Pull the categories info together. $categories = array(); if ( is_object_in_taxonomy( 'page', 'category' ) ) { foreach ( wp_get_post_categories( $page->ID ) as $cat_id ) { $categories[] = get_cat_name( $cat_id ); } } // Get the author info. $author = get_userdata( $page->post_author ); $page_template = get_page_template_slug( $page->ID ); if ( empty( $page_template ) ) { $page_template = 'default'; } $_page = array( 'dateCreated' => $page_date, 'userid' => $page->post_author, 'page_id' => $page->ID, 'page_status' => $page->post_status, 'description' => $full_page['main'], 'title' => $page->post_title, 'link' => $link, 'permaLink' => $link, 'categories' => $categories, 'excerpt' => $page->post_excerpt, 'text_more' => $full_page['extended'], 'mt_allow_comments' => $allow_comments, 'mt_allow_pings' => $allow_pings, 'wp_slug' => $page->post_name, 'wp_password' => $page->post_password, 'wp_author' => $author->display_name, 'wp_page_parent_id' => $page->post_parent, 'wp_page_parent_title' => $parent_title, 'wp_page_order' => $page->menu_order, 'wp_author_id' => (string) $author->ID, 'wp_author_display_name' => $author->display_name, 'date_created_gmt' => $page_date_gmt, 'custom_fields' => $this->get_custom_fields( $page->ID ), 'wp_page_template' => $page_template, ); /** * Filters XML-RPC-prepared data for the given page. * * @since 3.4.0 * * @param array $_page An array of page data. * @param WP_Post $page Page object. */ return apply_filters( 'xmlrpc_prepare_page', $_page, $page ); } /** * Prepares comment data for return in an XML-RPC object. * * @param WP_Comment $comment The unprepared comment data. * @return array The prepared comment data. */ protected function _prepare_comment( $comment ) { // Format page date. $comment_date_gmt = $this->_convert_date_gmt( $comment->comment_date_gmt, $comment->comment_date ); if ( '0' === $comment->comment_approved ) { $comment_status = 'hold'; } elseif ( 'spam' === $comment->comment_approved ) { $comment_status = 'spam'; } elseif ( '1' === $comment->comment_approved ) { $comment_status = 'approve'; } else { $comment_status = $comment->comment_approved; } $_comment = array( 'date_created_gmt' => $comment_date_gmt, 'user_id' => $comment->user_id, 'comment_id' => $comment->comment_ID, 'parent' => $comment->comment_parent, 'status' => $comment_status, 'content' => $comment->comment_content, 'link' => get_comment_link( $comment ), 'post_id' => $comment->comment_post_ID, 'post_title' => get_the_title( $comment->comment_post_ID ), 'author' => $comment->comment_author, 'author_url' => $comment->comment_author_url, 'author_email' => $comment->comment_author_email, 'author_ip' => $comment->comment_author_IP, 'type' => $comment->comment_type, ); /** * Filters XML-RPC-prepared data for the given comment. * * @since 3.4.0 * * @param array $_comment An array of prepared comment data. * @param WP_Comment $comment Comment object. */ return apply_filters( 'xmlrpc_prepare_comment', $_comment, $comment ); } /** * Prepares user data for return in an XML-RPC object. * * @param WP_User $user The unprepared user object. * @param array $fields The subset of user fields to return. * @return array The prepared user data. */ protected function _prepare_user( $user, $fields ) { $_user = array( 'user_id' => (string) $user->ID ); $user_fields = array( 'username' => $user->user_login, 'first_name' => $user->user_firstname, 'last_name' => $user->user_lastname, 'registered' => $this->_convert_date( $user->user_registered ), 'bio' => $user->user_description, 'email' => $user->user_email, 'nickname' => $user->nickname, 'nicename' => $user->user_nicename, 'url' => $user->user_url, 'display_name' => $user->display_name, 'roles' => $user->roles, ); if ( in_array( 'all', $fields, true ) ) { $_user = array_merge( $_user, $user_fields ); } else { if ( in_array( 'basic', $fields, true ) ) { $basic_fields = array( 'username', 'email', 'registered', 'display_name', 'nicename' ); $fields = array_merge( $fields, $basic_fields ); } $requested_fields = array_intersect_key( $user_fields, array_flip( $fields ) ); $_user = array_merge( $_user, $requested_fields ); } /** * Filters XML-RPC-prepared data for the given user. * * @since 3.5.0 * * @param array $_user An array of user data. * @param WP_User $user User object. * @param array $fields An array of user fields. */ return apply_filters( 'xmlrpc_prepare_user', $_user, $user, $fields ); } /** * Creates a new post for any registered post type. * * @since 3.4.0 * * @link https://en.wikipedia.org/wiki/RSS_enclosure for information on RSS enclosures. * * @param array $args { * Method arguments. Note: top-level arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 { * Content struct for adding a new post. See wp_insert_post() for information on * additional post fields * * @type string $post_type Post type. Default 'post'. * @type string $post_status Post status. Default 'draft' * @type string $post_title Post title. * @type int $post_author Post author ID. * @type string $post_excerpt Post excerpt. * @type string $post_content Post content. * @type string $post_date_gmt Post date in GMT. * @type string $post_date Post date. * @type string $post_password Post password (20-character limit). * @type string $comment_status Post comment enabled status. Accepts 'open' or 'closed'. * @type string $ping_status Post ping status. Accepts 'open' or 'closed'. * @type bool $sticky Whether the post should be sticky. Automatically false if * `$post_status` is 'private'. * @type int $post_thumbnail ID of an image to use as the post thumbnail/featured image. * @type array $custom_fields Array of meta key/value pairs to add to the post. * @type array $terms Associative array with taxonomy names as keys and arrays * of term IDs as values. * @type array $terms_names Associative array with taxonomy names as keys and arrays * of term names as values. * @type array $enclosure { * Array of feed enclosure data to add to post meta. * * @type string $url URL for the feed enclosure. * @type int $length Size in bytes of the enclosure. * @type string $type Mime-type for the enclosure. * } * } * } * @return int|IXR_Error Post ID on success, IXR_Error instance otherwise. */ public function wp_newPost( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $content_struct = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } // Convert the date field back to IXR form. if ( isset( $content_struct['post_date'] ) && ! ( $content_struct['post_date'] instanceof IXR_Date ) ) { $content_struct['post_date'] = $this->_convert_date( $content_struct['post_date'] ); } /* * Ignore the existing GMT date if it is empty or a non-GMT date was supplied in $content_struct, * since _insert_post() will ignore the non-GMT date if the GMT date is set. */ if ( isset( $content_struct['post_date_gmt'] ) && ! ( $content_struct['post_date_gmt'] instanceof IXR_Date ) ) { if ( '0000-00-00 00:00:00' === $content_struct['post_date_gmt'] || isset( $content_struct['post_date'] ) ) { unset( $content_struct['post_date_gmt'] ); } else { $content_struct['post_date_gmt'] = $this->_convert_date( $content_struct['post_date_gmt'] ); } } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.newPost', $args, $this ); unset( $content_struct['ID'] ); return $this->_insert_post( $user, $content_struct ); } /** * Helper method for filtering out elements from an array. * * @since 3.4.0 * * @param int $count Number to compare to one. * @return bool True if the number is greater than one, false otherwise. */ private function _is_greater_than_one( $count ) { return $count > 1; } /** * Encapsulates the logic for sticking a post and determining if * the user has permission to do so. * * @since 4.3.0 * * @param array $post_data * @param bool $update * @return void|IXR_Error */ private function _toggle_sticky( $post_data, $update = false ) { $post_type = get_post_type_object( $post_data['post_type'] ); // Private and password-protected posts cannot be stickied. if ( 'private' === $post_data['post_status'] || ! empty( $post_data['post_password'] ) ) { // Error if the client tried to stick the post, otherwise, silently unstick. if ( ! empty( $post_data['sticky'] ) ) { return new IXR_Error( 401, __( 'Sorry, you cannot stick a private post.' ) ); } if ( $update ) { unstick_post( $post_data['ID'] ); } } elseif ( isset( $post_data['sticky'] ) ) { if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to make posts sticky.' ) ); } $sticky = wp_validate_boolean( $post_data['sticky'] ); if ( $sticky ) { stick_post( $post_data['ID'] ); } else { unstick_post( $post_data['ID'] ); } } } /** * Helper method for wp_newPost() and wp_editPost(), containing shared logic. * * @since 3.4.0 * * @see wp_insert_post() * * @param WP_User $user The post author if post_author isn't set in $content_struct. * @param array|IXR_Error $content_struct Post data to insert. * @return IXR_Error|string */ protected function _insert_post( $user, $content_struct ) { $defaults = array( 'post_status' => 'draft', 'post_type' => 'post', 'post_author' => 0, 'post_password' => '', 'post_excerpt' => '', 'post_content' => '', 'post_title' => '', 'post_date' => '', 'post_date_gmt' => '', 'post_format' => null, 'post_name' => null, 'post_thumbnail' => null, 'post_parent' => 0, 'ping_status' => '', 'comment_status' => '', 'custom_fields' => null, 'terms_names' => null, 'terms' => null, 'sticky' => null, 'enclosure' => null, 'ID' => null, ); $post_data = wp_parse_args( array_intersect_key( $content_struct, $defaults ), $defaults ); $post_type = get_post_type_object( $post_data['post_type'] ); if ( ! $post_type ) { return new IXR_Error( 403, __( 'Invalid post type.' ) ); } $update = ! empty( $post_data['ID'] ); if ( $update ) { if ( ! get_post( $post_data['ID'] ) ) { return new IXR_Error( 401, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_data['ID'] ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } if ( get_post_type( $post_data['ID'] ) !== $post_data['post_type'] ) { return new IXR_Error( 401, __( 'The post type may not be changed.' ) ); } } else { if ( ! current_user_can( $post_type->cap->create_posts ) || ! current_user_can( $post_type->cap->edit_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to post on this site.' ) ); } } switch ( $post_data['post_status'] ) { case 'draft': case 'pending': break; case 'private': if ( ! current_user_can( $post_type->cap->publish_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to create private posts in this post type.' ) ); } break; case 'publish': case 'future': if ( ! current_user_can( $post_type->cap->publish_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts in this post type.' ) ); } break; default: if ( ! get_post_status_object( $post_data['post_status'] ) ) { $post_data['post_status'] = 'draft'; } break; } if ( ! empty( $post_data['post_password'] ) && ! current_user_can( $post_type->cap->publish_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to create password protected posts in this post type.' ) ); } $post_data['post_author'] = absint( $post_data['post_author'] ); if ( ! empty( $post_data['post_author'] ) && $post_data['post_author'] !== $user->ID ) { if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to create posts as this user.' ) ); } $author = get_userdata( $post_data['post_author'] ); if ( ! $author ) { return new IXR_Error( 404, __( 'Invalid author ID.' ) ); } } else { $post_data['post_author'] = $user->ID; } if ( 'open' !== $post_data['comment_status'] && 'closed' !== $post_data['comment_status'] ) { unset( $post_data['comment_status'] ); } if ( 'open' !== $post_data['ping_status'] && 'closed' !== $post_data['ping_status'] ) { unset( $post_data['ping_status'] ); } // Do some timestamp voodoo. if ( ! empty( $post_data['post_date_gmt'] ) ) { // We know this is supposed to be GMT, so we're going to slap that Z on there by force. $date_created = rtrim( $post_data['post_date_gmt']->getIso(), 'Z' ) . 'Z'; } elseif ( ! empty( $post_data['post_date'] ) ) { $date_created = $post_data['post_date']->getIso(); } // Default to not flagging the post date to be edited unless it's intentional. $post_data['edit_date'] = false; if ( ! empty( $date_created ) ) { $post_data['post_date'] = iso8601_to_datetime( $date_created ); $post_data['post_date_gmt'] = iso8601_to_datetime( $date_created, 'gmt' ); // Flag the post date to be edited. $post_data['edit_date'] = true; } if ( ! isset( $post_data['ID'] ) ) { $post_data['ID'] = get_default_post_to_edit( $post_data['post_type'], true )->ID; } $post_id = $post_data['ID']; if ( 'post' === $post_data['post_type'] ) { $error = $this->_toggle_sticky( $post_data, $update ); if ( $error ) { return $error; } } if ( isset( $post_data['post_thumbnail'] ) ) { // Empty value deletes, non-empty value adds/updates. if ( ! $post_data['post_thumbnail'] ) { delete_post_thumbnail( $post_id ); } elseif ( ! get_post( absint( $post_data['post_thumbnail'] ) ) ) { return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); } set_post_thumbnail( $post_id, $post_data['post_thumbnail'] ); unset( $content_struct['post_thumbnail'] ); } if ( isset( $post_data['custom_fields'] ) ) { $this->set_custom_fields( $post_id, $post_data['custom_fields'] ); } if ( isset( $post_data['terms'] ) || isset( $post_data['terms_names'] ) ) { $post_type_taxonomies = get_object_taxonomies( $post_data['post_type'], 'objects' ); // Accumulate term IDs from terms and terms_names. $terms = array(); // First validate the terms specified by ID. if ( isset( $post_data['terms'] ) && is_array( $post_data['terms'] ) ) { $taxonomies = array_keys( $post_data['terms'] ); // Validating term IDs. foreach ( $taxonomies as $taxonomy ) { if ( ! array_key_exists( $taxonomy, $post_type_taxonomies ) ) { return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) ); } if ( ! current_user_can( $post_type_taxonomies[ $taxonomy ]->cap->assign_terms ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' ) ); } $term_ids = $post_data['terms'][ $taxonomy ]; $terms[ $taxonomy ] = array(); foreach ( $term_ids as $term_id ) { $term = get_term_by( 'id', $term_id, $taxonomy ); if ( ! $term ) { return new IXR_Error( 403, __( 'Invalid term ID.' ) ); } $terms[ $taxonomy ][] = (int) $term_id; } } } // Now validate terms specified by name. if ( isset( $post_data['terms_names'] ) && is_array( $post_data['terms_names'] ) ) { $taxonomies = array_keys( $post_data['terms_names'] ); foreach ( $taxonomies as $taxonomy ) { if ( ! array_key_exists( $taxonomy, $post_type_taxonomies ) ) { return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) ); } if ( ! current_user_can( $post_type_taxonomies[ $taxonomy ]->cap->assign_terms ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' ) ); } /* * For hierarchical taxonomies, we can't assign a term when multiple terms * in the hierarchy share the same name. */ $ambiguous_terms = array(); if ( is_taxonomy_hierarchical( $taxonomy ) ) { $tax_term_names = get_terms( array( 'taxonomy' => $taxonomy, 'fields' => 'names', 'hide_empty' => false, ) ); // Count the number of terms with the same name. $tax_term_names_count = array_count_values( $tax_term_names ); // Filter out non-ambiguous term names. $ambiguous_tax_term_counts = array_filter( $tax_term_names_count, array( $this, '_is_greater_than_one' ) ); $ambiguous_terms = array_keys( $ambiguous_tax_term_counts ); } $term_names = $post_data['terms_names'][ $taxonomy ]; foreach ( $term_names as $term_name ) { if ( in_array( $term_name, $ambiguous_terms, true ) ) { return new IXR_Error( 401, __( 'Ambiguous term name used in a hierarchical taxonomy. Please use term ID instead.' ) ); } $term = get_term_by( 'name', $term_name, $taxonomy ); if ( ! $term ) { // Term doesn't exist, so check that the user is allowed to create new terms. if ( ! current_user_can( $post_type_taxonomies[ $taxonomy ]->cap->edit_terms ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to add a term to one of the given taxonomies.' ) ); } // Create the new term. $term_info = wp_insert_term( $term_name, $taxonomy ); if ( is_wp_error( $term_info ) ) { return new IXR_Error( 500, $term_info->get_error_message() ); } $terms[ $taxonomy ][] = (int) $term_info['term_id']; } else { $terms[ $taxonomy ][] = (int) $term->term_id; } } } } $post_data['tax_input'] = $terms; unset( $post_data['terms'], $post_data['terms_names'] ); } if ( isset( $post_data['post_format'] ) ) { $format = set_post_format( $post_id, $post_data['post_format'] ); if ( is_wp_error( $format ) ) { return new IXR_Error( 500, $format->get_error_message() ); } unset( $post_data['post_format'] ); } // Handle enclosures. $enclosure = isset( $post_data['enclosure'] ) ? $post_data['enclosure'] : null; $this->add_enclosure_if_new( $post_id, $enclosure ); $this->attach_uploads( $post_id, $post_data['post_content'] ); /** * Filters post data array to be inserted via XML-RPC. * * @since 3.4.0 * * @param array $post_data Parsed array of post data. * @param array $content_struct Post data array. */ $post_data = apply_filters( 'xmlrpc_wp_insert_post_data', $post_data, $content_struct ); // Remove all null values to allow for using the insert/update post default values for those keys instead. $post_data = array_filter( $post_data, static function ( $value ) { return null !== $value; } ); $post_id = $update ? wp_update_post( $post_data, true ) : wp_insert_post( $post_data, true ); if ( is_wp_error( $post_id ) ) { return new IXR_Error( 500, $post_id->get_error_message() ); } if ( ! $post_id ) { if ( $update ) { return new IXR_Error( 401, __( 'Sorry, the post could not be updated.' ) ); } else { return new IXR_Error( 401, __( 'Sorry, the post could not be created.' ) ); } } return (string) $post_id; } /** * Edits a post for any registered post type. * * The $content_struct parameter only needs to contain fields that * should be changed. All other fields will retain their existing values. * * @since 3.4.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Post ID. * @type array $4 Extra content arguments. * } * @return true|IXR_Error True on success, IXR_Error on failure. */ public function wp_editPost( $args ) { if ( ! $this->minimum_args( $args, 5 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $post_id = (int) $args[3]; $content_struct = $args[4]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editPost', $args, $this ); $post = get_post( $post_id, ARRAY_A ); if ( empty( $post['ID'] ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( isset( $content_struct['if_not_modified_since'] ) ) { // If the post has been modified since the date provided, return an error. if ( mysql2date( 'U', $post['post_modified_gmt'] ) > $content_struct['if_not_modified_since']->getTimestamp() ) { return new IXR_Error( 409, __( 'There is a revision of this post that is more recent.' ) ); } } // Convert the date field back to IXR form. $post['post_date'] = $this->_convert_date( $post['post_date'] ); /* * Ignore the existing GMT date if it is empty or a non-GMT date was supplied in $content_struct, * since _insert_post() will ignore the non-GMT date if the GMT date is set. */ if ( '0000-00-00 00:00:00' === $post['post_date_gmt'] || isset( $content_struct['post_date'] ) ) { unset( $post['post_date_gmt'] ); } else { $post['post_date_gmt'] = $this->_convert_date( $post['post_date_gmt'] ); } /* * If the API client did not provide 'post_date', then we must not perpetuate the value that * was stored in the database, or it will appear to be an intentional edit. Conveying it here * as if it was coming from the API client will cause an otherwise zeroed out 'post_date_gmt' * to get set with the value that was originally stored in the database when the draft was created. */ if ( ! isset( $content_struct['post_date'] ) ) { unset( $post['post_date'] ); } $this->escape( $post ); $merged_content_struct = array_merge( $post, $content_struct ); $retval = $this->_insert_post( $user, $merged_content_struct ); if ( $retval instanceof IXR_Error ) { return $retval; } return true; } /** * Deletes a post for any registered post type. * * @since 3.4.0 * * @see wp_delete_post() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Post ID. * } * @return true|IXR_Error True on success, IXR_Error instance on failure. */ public function wp_deletePost( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $post_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.deletePost', $args, $this ); $post = get_post( $post_id, ARRAY_A ); if ( empty( $post['ID'] ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'delete_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) ); } $result = wp_delete_post( $post_id ); if ( ! $result ) { return new IXR_Error( 500, __( 'Sorry, the post could not be deleted.' ) ); } return true; } /** * Retrieves a post. * * @since 3.4.0 * * The optional $fields parameter specifies what fields will be included * in the response array. This should be a list of field names. 'post_id' will * always be included in the response regardless of the value of $fields. * * Instead of, or in addition to, individual field names, conceptual group * names can be used to specify multiple fields. The available conceptual * groups are 'post' (all basic fields), 'taxonomies', 'custom_fields', * and 'enclosure'. * * @see get_post() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Post ID. * @type array $4 Optional. The subset of post type fields to return. * } * @return array|IXR_Error Array contains (based on $fields parameter): * - 'post_id' * - 'post_title' * - 'post_date' * - 'post_date_gmt' * - 'post_modified' * - 'post_modified_gmt' * - 'post_status' * - 'post_type' * - 'post_name' * - 'post_author' * - 'post_password' * - 'post_excerpt' * - 'post_content' * - 'link' * - 'comment_status' * - 'ping_status' * - 'sticky' * - 'custom_fields' * - 'terms' * - 'categories' * - 'tags' * - 'enclosure' */ public function wp_getPost( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $post_id = (int) $args[3]; if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** * Filters the default post query fields used by the given XML-RPC method. * * @since 3.4.0 * * @param array $fields An array of post fields to retrieve. By default, * contains 'post', 'terms', and 'custom_fields'. * @param string $method Method name. */ $fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPost' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPost', $args, $this ); $post = get_post( $post_id, ARRAY_A ); if ( empty( $post['ID'] ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } return $this->_prepare_post( $post, $fields ); } /** * Retrieves posts. * * @since 3.4.0 * * @see wp_get_recent_posts() * @see wp_getPost() for more on `$fields` * @see get_posts() for more on `$filter` values * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Optional. Modifies the query used to retrieve posts. Accepts 'post_type', * 'post_status', 'number', 'offset', 'orderby', 's', and 'order'. * Default empty array. * @type array $4 Optional. The subset of post type fields to return in the response array. * } * @return array|IXR_Error Array containing a collection of posts. */ public function wp_getPosts( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array(); if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPosts' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPosts', $args, $this ); $query = array(); if ( isset( $filter['post_type'] ) ) { $post_type = get_post_type_object( $filter['post_type'] ); if ( ! ( (bool) $post_type ) ) { return new IXR_Error( 403, __( 'Invalid post type.' ) ); } } else { $post_type = get_post_type_object( 'post' ); } if ( ! current_user_can( $post_type->cap->edit_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type.' ) ); } $query['post_type'] = $post_type->name; if ( isset( $filter['post_status'] ) ) { $query['post_status'] = $filter['post_status']; } if ( isset( $filter['number'] ) ) { $query['numberposts'] = absint( $filter['number'] ); } if ( isset( $filter['offset'] ) ) { $query['offset'] = absint( $filter['offset'] ); } if ( isset( $filter['orderby'] ) ) { $query['orderby'] = $filter['orderby']; if ( isset( $filter['order'] ) ) { $query['order'] = $filter['order']; } } if ( isset( $filter['s'] ) ) { $query['s'] = $filter['s']; } $posts_list = wp_get_recent_posts( $query ); if ( ! $posts_list ) { return array(); } // Holds all the posts data. $struct = array(); foreach ( $posts_list as $post ) { if ( ! current_user_can( 'edit_post', $post['ID'] ) ) { continue; } $struct[] = $this->_prepare_post( $post, $fields ); } return $struct; } /** * Creates a new term. * * @since 3.4.0 * * @see wp_insert_term() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Content struct for adding a new term. The struct must contain * the term 'name' and 'taxonomy'. Optional accepted values include * 'parent', 'description', and 'slug'. * } * @return int|IXR_Error The term ID on success, or an IXR_Error object on failure. */ public function wp_newTerm( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $content_struct = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.newTerm', $args, $this ); if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) { return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); } $taxonomy = get_taxonomy( $content_struct['taxonomy'] ); if ( ! current_user_can( $taxonomy->cap->edit_terms ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to create terms in this taxonomy.' ) ); } $taxonomy = (array) $taxonomy; // Hold the data of the term. $term_data = array(); $term_data['name'] = trim( $content_struct['name'] ); if ( empty( $term_data['name'] ) ) { return new IXR_Error( 403, __( 'The term name cannot be empty.' ) ); } if ( isset( $content_struct['parent'] ) ) { if ( ! $taxonomy['hierarchical'] ) { return new IXR_Error( 403, __( 'This taxonomy is not hierarchical.' ) ); } $parent_term_id = (int) $content_struct['parent']; $parent_term = get_term( $parent_term_id, $taxonomy['name'] ); if ( is_wp_error( $parent_term ) ) { return new IXR_Error( 500, $parent_term->get_error_message() ); } if ( ! $parent_term ) { return new IXR_Error( 403, __( 'Parent term does not exist.' ) ); } $term_data['parent'] = $content_struct['parent']; } if ( isset( $content_struct['description'] ) ) { $term_data['description'] = $content_struct['description']; } if ( isset( $content_struct['slug'] ) ) { $term_data['slug'] = $content_struct['slug']; } $term = wp_insert_term( $term_data['name'], $taxonomy['name'], $term_data ); if ( is_wp_error( $term ) ) { return new IXR_Error( 500, $term->get_error_message() ); } if ( ! $term ) { return new IXR_Error( 500, __( 'Sorry, the term could not be created.' ) ); } // Add term meta. if ( isset( $content_struct['custom_fields'] ) ) { $this->set_term_custom_fields( $term['term_id'], $content_struct['custom_fields'] ); } return (string) $term['term_id']; } /** * Edits a term. * * @since 3.4.0 * * @see wp_update_term() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Term ID. * @type array $4 Content struct for editing a term. The struct must contain the * term 'taxonomy'. Optional accepted values include 'name', 'parent', * 'description', and 'slug'. * } * @return true|IXR_Error True on success, IXR_Error instance on failure. */ public function wp_editTerm( $args ) { if ( ! $this->minimum_args( $args, 5 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $term_id = (int) $args[3]; $content_struct = $args[4]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editTerm', $args, $this ); if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) { return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); } $taxonomy = get_taxonomy( $content_struct['taxonomy'] ); $taxonomy = (array) $taxonomy; // Hold the data of the term. $term_data = array(); $term = get_term( $term_id, $content_struct['taxonomy'] ); if ( is_wp_error( $term ) ) { return new IXR_Error( 500, $term->get_error_message() ); } if ( ! $term ) { return new IXR_Error( 404, __( 'Invalid term ID.' ) ); } if ( ! current_user_can( 'edit_term', $term_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this term.' ) ); } if ( isset( $content_struct['name'] ) ) { $term_data['name'] = trim( $content_struct['name'] ); if ( empty( $term_data['name'] ) ) { return new IXR_Error( 403, __( 'The term name cannot be empty.' ) ); } } if ( ! empty( $content_struct['parent'] ) ) { if ( ! $taxonomy['hierarchical'] ) { return new IXR_Error( 403, __( 'Cannot set parent term, taxonomy is not hierarchical.' ) ); } $parent_term_id = (int) $content_struct['parent']; $parent_term = get_term( $parent_term_id, $taxonomy['name'] ); if ( is_wp_error( $parent_term ) ) { return new IXR_Error( 500, $parent_term->get_error_message() ); } if ( ! $parent_term ) { return new IXR_Error( 403, __( 'Parent term does not exist.' ) ); } $term_data['parent'] = $content_struct['parent']; } if ( isset( $content_struct['description'] ) ) { $term_data['description'] = $content_struct['description']; } if ( isset( $content_struct['slug'] ) ) { $term_data['slug'] = $content_struct['slug']; } $term = wp_update_term( $term_id, $taxonomy['name'], $term_data ); if ( is_wp_error( $term ) ) { return new IXR_Error( 500, $term->get_error_message() ); } if ( ! $term ) { return new IXR_Error( 500, __( 'Sorry, editing the term failed.' ) ); } // Update term meta. if ( isset( $content_struct['custom_fields'] ) ) { $this->set_term_custom_fields( $term_id, $content_struct['custom_fields'] ); } return true; } /** * Deletes a term. * * @since 3.4.0 * * @see wp_delete_term() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type string $3 Taxonomy name. * @type int $4 Term ID. * } * @return true|IXR_Error True on success, IXR_Error instance on failure. */ public function wp_deleteTerm( $args ) { if ( ! $this->minimum_args( $args, 5 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $taxonomy = $args[3]; $term_id = (int) $args[4]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.deleteTerm', $args, $this ); if ( ! taxonomy_exists( $taxonomy ) ) { return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); } $taxonomy = get_taxonomy( $taxonomy ); $term = get_term( $term_id, $taxonomy->name ); if ( is_wp_error( $term ) ) { return new IXR_Error( 500, $term->get_error_message() ); } if ( ! $term ) { return new IXR_Error( 404, __( 'Invalid term ID.' ) ); } if ( ! current_user_can( 'delete_term', $term_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this term.' ) ); } $result = wp_delete_term( $term_id, $taxonomy->name ); if ( is_wp_error( $result ) ) { return new IXR_Error( 500, $result->get_error_message() ); } if ( ! $result ) { return new IXR_Error( 500, __( 'Sorry, deleting the term failed.' ) ); } return $result; } /** * Retrieves a term. * * @since 3.4.0 * * @see get_term() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type string $3 Taxonomy name. * @type int $4 Term ID. * } * @return array|IXR_Error IXR_Error on failure, array on success, containing: * - 'term_id' * - 'name' * - 'slug' * - 'term_group' * - 'term_taxonomy_id' * - 'taxonomy' * - 'description' * - 'parent' * - 'count' */ public function wp_getTerm( $args ) { if ( ! $this->minimum_args( $args, 5 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $taxonomy = $args[3]; $term_id = (int) $args[4]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTerm', $args, $this ); if ( ! taxonomy_exists( $taxonomy ) ) { return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); } $taxonomy = get_taxonomy( $taxonomy ); $term = get_term( $term_id, $taxonomy->name, ARRAY_A ); if ( is_wp_error( $term ) ) { return new IXR_Error( 500, $term->get_error_message() ); } if ( ! $term ) { return new IXR_Error( 404, __( 'Invalid term ID.' ) ); } if ( ! current_user_can( 'assign_term', $term_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign this term.' ) ); } return $this->_prepare_term( $term ); } /** * Retrieves all terms for a taxonomy. * * @since 3.4.0 * * The optional $filter parameter modifies the query used to retrieve terms. * Accepted keys are 'number', 'offset', 'orderby', 'order', 'hide_empty', and 'search'. * * @see get_terms() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type string $3 Taxonomy name. * @type array $4 Optional. Modifies the query used to retrieve posts. Accepts 'number', * 'offset', 'orderby', 'order', 'hide_empty', and 'search'. Default empty array. * } * @return array|IXR_Error An associative array of terms data on success, IXR_Error instance otherwise. */ public function wp_getTerms( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $taxonomy = $args[3]; $filter = isset( $args[4] ) ? $args[4] : array(); $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTerms', $args, $this ); if ( ! taxonomy_exists( $taxonomy ) ) { return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); } $taxonomy = get_taxonomy( $taxonomy ); if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign terms in this taxonomy.' ) ); } $query = array( 'taxonomy' => $taxonomy->name ); if ( isset( $filter['number'] ) ) { $query['number'] = absint( $filter['number'] ); } if ( isset( $filter['offset'] ) ) { $query['offset'] = absint( $filter['offset'] ); } if ( isset( $filter['orderby'] ) ) { $query['orderby'] = $filter['orderby']; if ( isset( $filter['order'] ) ) { $query['order'] = $filter['order']; } } if ( isset( $filter['hide_empty'] ) ) { $query['hide_empty'] = $filter['hide_empty']; } else { $query['get'] = 'all'; } if ( isset( $filter['search'] ) ) { $query['search'] = $filter['search']; } $terms = get_terms( $query ); if ( is_wp_error( $terms ) ) { return new IXR_Error( 500, $terms->get_error_message() ); } $struct = array(); foreach ( $terms as $term ) { $struct[] = $this->_prepare_term( $term ); } return $struct; } /** * Retrieves a taxonomy. * * @since 3.4.0 * * @see get_taxonomy() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type string $3 Taxonomy name. * @type array $4 Optional. Array of taxonomy fields to limit to in the return. * Accepts 'labels', 'cap', 'menu', and 'object_type'. * Default empty array. * } * @return array|IXR_Error An array of taxonomy data on success, IXR_Error instance otherwise. */ public function wp_getTaxonomy( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $taxonomy = $args[3]; if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** * Filters the default taxonomy query fields used by the given XML-RPC method. * * @since 3.4.0 * * @param array $fields An array of taxonomy fields to retrieve. By default, * contains 'labels', 'cap', and 'object_type'. * @param string $method The method name. */ $fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomy' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTaxonomy', $args, $this ); if ( ! taxonomy_exists( $taxonomy ) ) { return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); } $taxonomy = get_taxonomy( $taxonomy ); if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign terms in this taxonomy.' ) ); } return $this->_prepare_taxonomy( $taxonomy, $fields ); } /** * Retrieves all taxonomies. * * @since 3.4.0 * * @see get_taxonomies() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Optional. An array of arguments for retrieving taxonomies. * @type array $4 Optional. The subset of taxonomy fields to return. * } * @return array|IXR_Error An associative array of taxonomy data with returned fields determined * by `$fields`, or an IXR_Error instance on failure. */ public function wp_getTaxonomies( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array( 'public' => true ); if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomies' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTaxonomies', $args, $this ); $taxonomies = get_taxonomies( $filter, 'objects' ); // Holds all the taxonomy data. $struct = array(); foreach ( $taxonomies as $taxonomy ) { // Capability check for post types. if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) { continue; } $struct[] = $this->_prepare_taxonomy( $taxonomy, $fields ); } return $struct; } /** * Retrieves a user. * * The optional $fields parameter specifies what fields will be included * in the response array. This should be a list of field names. 'user_id' will * always be included in the response regardless of the value of $fields. * * Instead of, or in addition to, individual field names, conceptual group * names can be used to specify multiple fields. The available conceptual * groups are 'basic' and 'all'. * * @uses get_userdata() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 User ID. * @type array $4 Optional. Array of fields to return. * } * @return array|IXR_Error Array contains (based on $fields parameter): * - 'user_id' * - 'username' * - 'first_name' * - 'last_name' * - 'registered' * - 'bio' * - 'email' * - 'nickname' * - 'nicename' * - 'url' * - 'display_name' * - 'roles' */ public function wp_getUser( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user_id = (int) $args[3]; if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** * Filters the default user query fields used by the given XML-RPC method. * * @since 3.5.0 * * @param array $fields An array of user fields to retrieve. By default, contains 'all'. * @param string $method The method name. */ $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUser' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getUser', $args, $this ); if ( ! current_user_can( 'edit_user', $user_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this user.' ) ); } $user_data = get_userdata( $user_id ); if ( ! $user_data ) { return new IXR_Error( 404, __( 'Invalid user ID.' ) ); } return $this->_prepare_user( $user_data, $fields ); } /** * Retrieves users. * * The optional $filter parameter modifies the query used to retrieve users. * Accepted keys are 'number' (default: 50), 'offset' (default: 0), 'role', * 'who', 'orderby', and 'order'. * * The optional $fields parameter specifies what fields will be included * in the response array. * * @uses get_users() * @see wp_getUser() for more on $fields and return values * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Optional. Arguments for the user query. * @type array $4 Optional. Fields to return. * } * @return array|IXR_Error users data */ public function wp_getUsers( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array(); if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUsers' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getUsers', $args, $this ); if ( ! current_user_can( 'list_users' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to list users.' ) ); } $query = array( 'fields' => 'all_with_meta' ); $query['number'] = ( isset( $filter['number'] ) ) ? absint( $filter['number'] ) : 50; $query['offset'] = ( isset( $filter['offset'] ) ) ? absint( $filter['offset'] ) : 0; if ( isset( $filter['orderby'] ) ) { $query['orderby'] = $filter['orderby']; if ( isset( $filter['order'] ) ) { $query['order'] = $filter['order']; } } if ( isset( $filter['role'] ) ) { if ( get_role( $filter['role'] ) === null ) { return new IXR_Error( 403, __( 'Invalid role.' ) ); } $query['role'] = $filter['role']; } if ( isset( $filter['who'] ) ) { $query['who'] = $filter['who']; } $users = get_users( $query ); $_users = array(); foreach ( $users as $user_data ) { if ( current_user_can( 'edit_user', $user_data->ID ) ) { $_users[] = $this->_prepare_user( $user_data, $fields ); } } return $_users; } /** * Retrieves information about the requesting user. * * @uses get_userdata() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username * @type string $2 Password * @type array $3 Optional. Fields to return. * } * @return array|IXR_Error (@see wp_getUser) */ public function wp_getProfile( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; if ( isset( $args[3] ) ) { $fields = $args[3]; } else { /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getProfile' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getProfile', $args, $this ); if ( ! current_user_can( 'edit_user', $user->ID ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit your profile.' ) ); } $user_data = get_userdata( $user->ID ); return $this->_prepare_user( $user_data, $fields ); } /** * Edits user's profile. * * @uses wp_update_user() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Content struct. It can optionally contain: * - 'first_name' * - 'last_name' * - 'website' * - 'display_name' * - 'nickname' * - 'nicename' * - 'bio' * } * @return true|IXR_Error True, on success. */ public function wp_editProfile( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $content_struct = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editProfile', $args, $this ); if ( ! current_user_can( 'edit_user', $user->ID ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit your profile.' ) ); } // Holds data of the user. $user_data = array(); $user_data['ID'] = $user->ID; // Only set the user details if they were given. if ( isset( $content_struct['first_name'] ) ) { $user_data['first_name'] = $content_struct['first_name']; } if ( isset( $content_struct['last_name'] ) ) { $user_data['last_name'] = $content_struct['last_name']; } if ( isset( $content_struct['url'] ) ) { $user_data['user_url'] = $content_struct['url']; } if ( isset( $content_struct['display_name'] ) ) { $user_data['display_name'] = $content_struct['display_name']; } if ( isset( $content_struct['nickname'] ) ) { $user_data['nickname'] = $content_struct['nickname']; } if ( isset( $content_struct['nicename'] ) ) { $user_data['user_nicename'] = $content_struct['nicename']; } if ( isset( $content_struct['bio'] ) ) { $user_data['description'] = $content_struct['bio']; } $result = wp_update_user( $user_data ); if ( is_wp_error( $result ) ) { return new IXR_Error( 500, $result->get_error_message() ); } if ( ! $result ) { return new IXR_Error( 500, __( 'Sorry, the user could not be updated.' ) ); } return true; } /** * Retrieves a page. * * @since 2.2.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type int $1 Page ID. * @type string $2 Username. * @type string $3 Password. * } * @return array|IXR_Error */ public function wp_getPage( $args ) { $this->escape( $args ); $page_id = (int) $args[1]; $username = $args[2]; $password = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } $page = get_post( $page_id ); if ( ! $page ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_page', $page_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this page.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPage', $args, $this ); // If we found the page then format the data. if ( $page->ID && ( 'page' === $page->post_type ) ) { return $this->_prepare_page( $page ); } else { // If the page doesn't exist, indicate that. return new IXR_Error( 404, __( 'Sorry, no such page.' ) ); } } /** * Retrieves Pages. * * @since 2.2.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Optional. Number of pages. Default 10. * } * @return array|IXR_Error */ public function wp_getPages( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $num_pages = isset( $args[3] ) ? (int) $args[3] : 10; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_pages' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit pages.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPages', $args, $this ); $pages = get_posts( array( 'post_type' => 'page', 'post_status' => 'any', 'numberposts' => $num_pages, ) ); $num_pages = count( $pages ); // If we have pages, put together their info. if ( $num_pages >= 1 ) { $pages_struct = array(); foreach ( $pages as $page ) { if ( current_user_can( 'edit_page', $page->ID ) ) { $pages_struct[] = $this->_prepare_page( $page ); } } return $pages_struct; } return array(); } /** * Creates a new page. * * @since 2.2.0 * * @see wp_xmlrpc_server::mw_newPost() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Content struct. * } * @return int|IXR_Error */ public function wp_newPage( $args ) { // Items not escaped here will be escaped in wp_newPost(). $username = $this->escape( $args[1] ); $password = $this->escape( $args[2] ); $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.newPage', $args, $this ); // Mark this as content for a page. $args[3]['post_type'] = 'page'; // Let mw_newPost() do all of the heavy lifting. return $this->mw_newPost( $args ); } /** * Deletes a page. * * @since 2.2.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Page ID. * } * @return true|IXR_Error True, if success. */ public function wp_deletePage( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $page_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.deletePage', $args, $this ); /* * Get the current page based on the 'page_id' and * make sure it is a page and not a post. */ $actual_page = get_post( $page_id, ARRAY_A ); if ( ! $actual_page || ( 'page' !== $actual_page['post_type'] ) ) { return new IXR_Error( 404, __( 'Sorry, no such page.' ) ); } // Make sure the user can delete pages. if ( ! current_user_can( 'delete_page', $page_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this page.' ) ); } // Attempt to delete the page. $result = wp_delete_post( $page_id ); if ( ! $result ) { return new IXR_Error( 500, __( 'Failed to delete the page.' ) ); } /** * Fires after a page has been successfully deleted via XML-RPC. * * @since 3.4.0 * * @param int $page_id ID of the deleted page. * @param array $args An array of arguments to delete the page. */ do_action( 'xmlrpc_call_success_wp_deletePage', $page_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return true; } /** * Edits a page. * * @since 2.2.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type int $1 Page ID. * @type string $2 Username. * @type string $3 Password. * @type string $4 Content. * @type int $5 Publish flag. 0 for draft, 1 for publish. * } * @return array|IXR_Error */ public function wp_editPage( $args ) { // Items will be escaped in mw_editPost(). $page_id = (int) $args[1]; $username = $args[2]; $password = $args[3]; $content = $args[4]; $publish = $args[5]; $escaped_username = $this->escape( $username ); $escaped_password = $this->escape( $password ); $user = $this->login( $escaped_username, $escaped_password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editPage', $args, $this ); // Get the page data and make sure it is a page. $actual_page = get_post( $page_id, ARRAY_A ); if ( ! $actual_page || ( 'page' !== $actual_page['post_type'] ) ) { return new IXR_Error( 404, __( 'Sorry, no such page.' ) ); } // Make sure the user is allowed to edit pages. if ( ! current_user_can( 'edit_page', $page_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this page.' ) ); } // Mark this as content for a page. $content['post_type'] = 'page'; // Arrange args in the way mw_editPost() understands. $args = array( $page_id, $username, $password, $content, $publish, ); // Let mw_editPost() do all of the heavy lifting. return $this->mw_editPost( $args ); } /** * Retrieves page list. * * @since 2.2.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function wp_getPageList( $args ) { global $wpdb; $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_pages' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit pages.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPageList', $args, $this ); // Get list of page IDs and titles. $page_list = $wpdb->get_results( " SELECT ID page_id, post_title page_title, post_parent page_parent_id, post_date_gmt, post_date, post_status FROM {$wpdb->posts} WHERE post_type = 'page' ORDER BY ID " ); // The date needs to be formatted properly. $num_pages = count( $page_list ); for ( $i = 0; $i < $num_pages; $i++ ) { $page_list[ $i ]->dateCreated = $this->_convert_date( $page_list[ $i ]->post_date ); $page_list[ $i ]->date_created_gmt = $this->_convert_date_gmt( $page_list[ $i ]->post_date_gmt, $page_list[ $i ]->post_date ); unset( $page_list[ $i ]->post_date_gmt ); unset( $page_list[ $i ]->post_date ); unset( $page_list[ $i ]->post_status ); } return $page_list; } /** * Retrieves authors list. * * @since 2.2.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function wp_getAuthors( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getAuthors', $args, $this ); $authors = array(); foreach ( get_users( array( 'fields' => array( 'ID', 'user_login', 'display_name' ) ) ) as $user ) { $authors[] = array( 'user_id' => $user->ID, 'user_login' => $user->user_login, 'display_name' => $user->display_name, ); } return $authors; } /** * Gets the list of all tags. * * @since 2.7.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function wp_getTags( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view tags.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getKeywords', $args, $this ); $tags = array(); $all_tags = get_tags(); if ( $all_tags ) { foreach ( (array) $all_tags as $tag ) { $struct = array(); $struct['tag_id'] = $tag->term_id; $struct['name'] = $tag->name; $struct['count'] = $tag->count; $struct['slug'] = $tag->slug; $struct['html_url'] = esc_html( get_tag_link( $tag->term_id ) ); $struct['rss_url'] = esc_html( get_tag_feed_link( $tag->term_id ) ); $tags[] = $struct; } } return $tags; } /** * Creates a new category. * * @since 2.2.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Category. * } * @return int|IXR_Error Category ID. */ public function wp_newCategory( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $category = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.newCategory', $args, $this ); // Make sure the user is allowed to add a category. if ( ! current_user_can( 'manage_categories' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to add a category.' ) ); } /* * If no slug was provided, make it empty * so that WordPress will generate one. */ if ( empty( $category['slug'] ) ) { $category['slug'] = ''; } /* * If no parent_id was provided, make it empty * so that it will be a top-level page (no parent). */ if ( ! isset( $category['parent_id'] ) ) { $category['parent_id'] = ''; } // If no description was provided, make it empty. if ( empty( $category['description'] ) ) { $category['description'] = ''; } $new_category = array( 'cat_name' => $category['name'], 'category_nicename' => $category['slug'], 'category_parent' => $category['parent_id'], 'category_description' => $category['description'], ); $cat_id = wp_insert_category( $new_category, true ); if ( is_wp_error( $cat_id ) ) { if ( 'term_exists' === $cat_id->get_error_code() ) { return (int) $cat_id->get_error_data(); } else { return new IXR_Error( 500, __( 'Sorry, the category could not be created.' ) ); } } elseif ( ! $cat_id ) { return new IXR_Error( 500, __( 'Sorry, the category could not be created.' ) ); } /** * Fires after a new category has been successfully created via XML-RPC. * * @since 3.4.0 * * @param int $cat_id ID of the new category. * @param array $args An array of new category arguments. */ do_action( 'xmlrpc_call_success_wp_newCategory', $cat_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return $cat_id; } /** * Deletes a category. * * @since 2.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Category ID. * } * @return bool|IXR_Error See wp_delete_term() for return info. */ public function wp_deleteCategory( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $category_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.deleteCategory', $args, $this ); if ( ! current_user_can( 'delete_term', $category_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this category.' ) ); } $status = wp_delete_term( $category_id, 'category' ); if ( true === $status ) { /** * Fires after a category has been successfully deleted via XML-RPC. * * @since 3.4.0 * * @param int $category_id ID of the deleted category. * @param array $args An array of arguments to delete the category. */ do_action( 'xmlrpc_call_success_wp_deleteCategory', $category_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase } return $status; } /** * Retrieves category list. * * @since 2.2.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Category * @type int $4 Max number of results. * } * @return array|IXR_Error */ public function wp_suggestCategories( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $category = $args[3]; $max_results = (int) $args[4]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.suggestCategories', $args, $this ); $category_suggestions = array(); $args = array( 'get' => 'all', 'number' => $max_results, 'name__like' => $category, ); foreach ( (array) get_categories( $args ) as $cat ) { $category_suggestions[] = array( 'category_id' => $cat->term_id, 'category_name' => $cat->name, ); } return $category_suggestions; } /** * Retrieves a comment. * * @since 2.7.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Comment ID. * } * @return array|IXR_Error */ public function wp_getComment( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $comment_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getComment', $args, $this ); $comment = get_comment( $comment_id ); if ( ! $comment ) { return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); } if ( ! current_user_can( 'edit_comment', $comment_id ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to moderate or edit this comment.' ) ); } return $this->_prepare_comment( $comment ); } /** * Retrieves comments. * * Besides the common blog_id (unused), username, and password arguments, * it takes a filter array as the last argument. * * Accepted 'filter' keys are 'status', 'post_id', 'offset', and 'number'. * * The defaults are as follows: * - 'status' - Default is ''. Filter by status (e.g., 'approve', 'hold') * - 'post_id' - Default is ''. The post where the comment is posted. * Empty string shows all comments. * - 'number' - Default is 10. Total number of media items to retrieve. * - 'offset' - Default is 0. See WP_Query::query() for more. * * @since 2.7.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Optional. Query arguments. * } * @return array|IXR_Error Array containing a collection of comments. * See wp_xmlrpc_server::wp_getComment() for a description * of each item contents. */ public function wp_getComments( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $struct = isset( $args[3] ) ? $args[3] : array(); $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getComments', $args, $this ); if ( isset( $struct['status'] ) ) { $status = $struct['status']; } else { $status = ''; } if ( ! current_user_can( 'moderate_comments' ) && 'approve' !== $status ) { return new IXR_Error( 401, __( 'Invalid comment status.' ) ); } $post_id = ''; if ( isset( $struct['post_id'] ) ) { $post_id = absint( $struct['post_id'] ); } $post_type = ''; if ( isset( $struct['post_type'] ) ) { $post_type_object = get_post_type_object( $struct['post_type'] ); if ( ! $post_type_object || ! post_type_supports( $post_type_object->name, 'comments' ) ) { return new IXR_Error( 404, __( 'Invalid post type.' ) ); } $post_type = $struct['post_type']; } $offset = 0; if ( isset( $struct['offset'] ) ) { $offset = absint( $struct['offset'] ); } $number = 10; if ( isset( $struct['number'] ) ) { $number = absint( $struct['number'] ); } $comments = get_comments( array( 'status' => $status, 'post_id' => $post_id, 'offset' => $offset, 'number' => $number, 'post_type' => $post_type, ) ); $comments_struct = array(); if ( is_array( $comments ) ) { foreach ( $comments as $comment ) { $comments_struct[] = $this->_prepare_comment( $comment ); } } return $comments_struct; } /** * Deletes a comment. * * By default, the comment will be moved to the Trash instead of deleted. * See wp_delete_comment() for more information on this behavior. * * @since 2.7.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Comment ID. * } * @return bool|IXR_Error See wp_delete_comment(). */ public function wp_deleteComment( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $comment_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! get_comment( $comment_id ) ) { return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); } if ( ! current_user_can( 'edit_comment', $comment_id ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to delete this comment.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.deleteComment', $args, $this ); $status = wp_delete_comment( $comment_id ); if ( true === $status ) { /** * Fires after a comment has been successfully deleted via XML-RPC. * * @since 3.4.0 * * @param int $comment_id ID of the deleted comment. * @param array $args An array of arguments to delete the comment. */ do_action( 'xmlrpc_call_success_wp_deleteComment', $comment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase } return $status; } /** * Edits a comment. * * Besides the common blog_id (unused), username, and password arguments, * it takes a comment_id integer and a content_struct array as the last argument. * * The allowed keys in the content_struct array are: * - 'author' * - 'author_url' * - 'author_email' * - 'content' * - 'date_created_gmt' * - 'status'. Common statuses are 'approve', 'hold', 'spam'. See get_comment_statuses() for more details. * * @since 2.7.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Comment ID. * @type array $4 Content structure. * } * @return true|IXR_Error True, on success. */ public function wp_editComment( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $comment_id = (int) $args[3]; $content_struct = $args[4]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! get_comment( $comment_id ) ) { return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); } if ( ! current_user_can( 'edit_comment', $comment_id ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to moderate or edit this comment.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editComment', $args, $this ); $comment = array( 'comment_ID' => $comment_id, ); if ( isset( $content_struct['status'] ) ) { $statuses = get_comment_statuses(); $statuses = array_keys( $statuses ); if ( ! in_array( $content_struct['status'], $statuses, true ) ) { return new IXR_Error( 401, __( 'Invalid comment status.' ) ); } $comment['comment_approved'] = $content_struct['status']; } // Do some timestamp voodoo. if ( ! empty( $content_struct['date_created_gmt'] ) ) { // We know this is supposed to be GMT, so we're going to slap that Z on there by force. $date_created = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z'; $comment['comment_date'] = get_date_from_gmt( $date_created ); $comment['comment_date_gmt'] = iso8601_to_datetime( $date_created, 'gmt' ); } if ( isset( $content_struct['content'] ) ) { $comment['comment_content'] = $content_struct['content']; } if ( isset( $content_struct['author'] ) ) { $comment['comment_author'] = $content_struct['author']; } if ( isset( $content_struct['author_url'] ) ) { $comment['comment_author_url'] = $content_struct['author_url']; } if ( isset( $content_struct['author_email'] ) ) { $comment['comment_author_email'] = $content_struct['author_email']; } $result = wp_update_comment( $comment, true ); if ( is_wp_error( $result ) ) { return new IXR_Error( 500, $result->get_error_message() ); } if ( ! $result ) { return new IXR_Error( 500, __( 'Sorry, the comment could not be updated.' ) ); } /** * Fires after a comment has been successfully updated via XML-RPC. * * @since 3.4.0 * * @param int $comment_id ID of the updated comment. * @param array $args An array of arguments to update the comment. */ do_action( 'xmlrpc_call_success_wp_editComment', $comment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return true; } /** * Creates a new comment. * * @since 2.7.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type string|int $3 Post ID or URL. * @type array $4 Content structure. * } * @return int|IXR_Error See wp_new_comment(). */ public function wp_newComment( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $post = $args[3]; $content_struct = $args[4]; /** * Filters whether to allow anonymous comments over XML-RPC. * * @since 2.7.0 * * @param bool $allow Whether to allow anonymous commenting via XML-RPC. * Default false. */ $allow_anon = apply_filters( 'xmlrpc_allow_anonymous_comments', false ); $user = $this->login( $username, $password ); if ( ! $user ) { $logged_in = false; if ( $allow_anon && get_option( 'comment_registration' ) ) { return new IXR_Error( 403, __( 'Sorry, you must be logged in to comment.' ) ); } elseif ( ! $allow_anon ) { return $this->error; } } else { $logged_in = true; } if ( is_numeric( $post ) ) { $post_id = absint( $post ); } else { $post_id = url_to_postid( $post ); } if ( ! $post_id ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! get_post( $post_id ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! comments_open( $post_id ) ) { return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) ); } if ( 'publish' === get_post_status( $post_id ) && ! current_user_can( 'edit_post', $post_id ) && post_password_required( $post_id ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) ); } if ( 'private' === get_post_status( $post_id ) && ! current_user_can( 'read_post', $post_id ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) ); } $comment = array( 'comment_post_ID' => $post_id, 'comment_content' => trim( $content_struct['content'] ), ); if ( $logged_in ) { $display_name = $user->display_name; $user_email = $user->user_email; $user_url = $user->user_url; $comment['comment_author'] = $this->escape( $display_name ); $comment['comment_author_email'] = $this->escape( $user_email ); $comment['comment_author_url'] = $this->escape( $user_url ); $comment['user_id'] = $user->ID; } else { $comment['comment_author'] = ''; if ( isset( $content_struct['author'] ) ) { $comment['comment_author'] = $content_struct['author']; } $comment['comment_author_email'] = ''; if ( isset( $content_struct['author_email'] ) ) { $comment['comment_author_email'] = $content_struct['author_email']; } $comment['comment_author_url'] = ''; if ( isset( $content_struct['author_url'] ) ) { $comment['comment_author_url'] = $content_struct['author_url']; } $comment['user_id'] = 0; if ( get_option( 'require_name_email' ) ) { if ( strlen( $comment['comment_author_email'] ) < 6 || '' === $comment['comment_author'] ) { return new IXR_Error( 403, __( 'Comment author name and email are required.' ) ); } elseif ( ! is_email( $comment['comment_author_email'] ) ) { return new IXR_Error( 403, __( 'A valid email address is required.' ) ); } } } $comment['comment_parent'] = isset( $content_struct['comment_parent'] ) ? absint( $content_struct['comment_parent'] ) : 0; /** This filter is documented in wp-includes/comment.php */ $allow_empty = apply_filters( 'allow_empty_comment', false, $comment ); if ( ! $allow_empty && '' === $comment['comment_content'] ) { return new IXR_Error( 403, __( 'Comment is required.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.newComment', $args, $this ); $comment_id = wp_new_comment( $comment, true ); if ( is_wp_error( $comment_id ) ) { return new IXR_Error( 403, $comment_id->get_error_message() ); } if ( ! $comment_id ) { return new IXR_Error( 403, __( 'An error occurred while processing your comment. Please ensure all fields are filled correctly and try again.' ) ); } /** * Fires after a new comment has been successfully created via XML-RPC. * * @since 3.4.0 * * @param int $comment_id ID of the new comment. * @param array $args An array of new comment arguments. */ do_action( 'xmlrpc_call_success_wp_newComment', $comment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return $comment_id; } /** * Retrieves all of the comment status. * * @since 2.7.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function wp_getCommentStatusList( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'publish_posts' ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getCommentStatusList', $args, $this ); return get_comment_statuses(); } /** * Retrieves comment counts. * * @since 2.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Post ID. * } * @return array|IXR_Error */ public function wp_getCommentCount( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $post_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } $post = get_post( $post_id, ARRAY_A ); if ( empty( $post['ID'] ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details of this post.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getCommentCount', $args, $this ); $count = wp_count_comments( $post_id ); return array( 'approved' => $count->approved, 'awaiting_moderation' => $count->moderated, 'spam' => $count->spam, 'total_comments' => $count->total_comments, ); } /** * Retrieves post statuses. * * @since 2.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function wp_getPostStatusList( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPostStatusList', $args, $this ); return get_post_statuses(); } /** * Retrieves page statuses. * * @since 2.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function wp_getPageStatusList( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_pages' ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPageStatusList', $args, $this ); return get_page_statuses(); } /** * Retrieves page templates. * * @since 2.6.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function wp_getPageTemplates( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_pages' ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) ); } $templates = get_page_templates(); $templates['Default'] = 'default'; return $templates; } /** * Retrieves blog options. * * @since 2.6.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Optional. Options. * } * @return array|IXR_Error */ public function wp_getOptions( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $options = isset( $args[3] ) ? (array) $args[3] : array(); $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } // If no specific options where asked for, return all of them. if ( count( $options ) === 0 ) { $options = array_keys( $this->blog_options ); } return $this->_getOptions( $options ); } /** * Retrieves blog options value from list. * * @since 2.6.0 * * @param array $options Options to retrieve. * @return array */ public function _getOptions( $options ) { $data = array(); $can_manage = current_user_can( 'manage_options' ); foreach ( $options as $option ) { if ( array_key_exists( $option, $this->blog_options ) ) { $data[ $option ] = $this->blog_options[ $option ]; // Is the value static or dynamic? if ( isset( $data[ $option ]['option'] ) ) { $data[ $option ]['value'] = get_option( $data[ $option ]['option'] ); unset( $data[ $option ]['option'] ); } if ( ! $can_manage ) { $data[ $option ]['readonly'] = true; } } } return $data; } /** * Updates blog options. * * @since 2.6.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Options. * } * @return array|IXR_Error */ public function wp_setOptions( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $options = (array) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'manage_options' ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to update options.' ) ); } $option_names = array(); foreach ( $options as $o_name => $o_value ) { $option_names[] = $o_name; if ( ! array_key_exists( $o_name, $this->blog_options ) ) { continue; } if ( $this->blog_options[ $o_name ]['readonly'] ) { continue; } update_option( $this->blog_options[ $o_name ]['option'], wp_unslash( $o_value ) ); } // Now return the updated values. return $this->_getOptions( $option_names ); } /** * Retrieves a media item by ID. * * @since 3.1.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Attachment ID. * } * @return array|IXR_Error Associative array contains: * - 'date_created_gmt' * - 'parent' * - 'link' * - 'thumbnail' * - 'title' * - 'caption' * - 'description' * - 'metadata' */ public function wp_getMediaItem( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $attachment_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'upload_files' ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to upload files.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getMediaItem', $args, $this ); $attachment = get_post( $attachment_id ); if ( ! $attachment || 'attachment' !== $attachment->post_type ) { return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); } return $this->_prepare_media_item( $attachment ); } /** * Retrieves a collection of media library items (or attachments). * * Besides the common blog_id (unused), username, and password arguments, * it takes a filter array as the last argument. * * Accepted 'filter' keys are 'parent_id', 'mime_type', 'offset', and 'number'. * * The defaults are as follows: * - 'number' - Default is 5. Total number of media items to retrieve. * - 'offset' - Default is 0. See WP_Query::query() for more. * - 'parent_id' - Default is ''. The post where the media item is attached. * Empty string shows all media items. 0 shows unattached media items. * - 'mime_type' - Default is ''. Filter by mime type (e.g., 'image/jpeg', 'application/pdf') * * @since 3.1.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Optional. Query arguments. * } * @return array|IXR_Error Array containing a collection of media items. * See wp_xmlrpc_server::wp_getMediaItem() for a description * of each item contents. */ public function wp_getMediaLibrary( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $struct = isset( $args[3] ) ? $args[3] : array(); $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'upload_files' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to upload files.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getMediaLibrary', $args, $this ); $parent_id = ( isset( $struct['parent_id'] ) ) ? absint( $struct['parent_id'] ) : ''; $mime_type = ( isset( $struct['mime_type'] ) ) ? $struct['mime_type'] : ''; $offset = ( isset( $struct['offset'] ) ) ? absint( $struct['offset'] ) : 0; $number = ( isset( $struct['number'] ) ) ? absint( $struct['number'] ) : -1; $attachments = get_posts( array( 'post_type' => 'attachment', 'post_parent' => $parent_id, 'offset' => $offset, 'numberposts' => $number, 'post_mime_type' => $mime_type, ) ); $attachments_struct = array(); foreach ( $attachments as $attachment ) { $attachments_struct[] = $this->_prepare_media_item( $attachment ); } return $attachments_struct; } /** * Retrieves a list of post formats used by the site. * * @since 3.1.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error List of post formats, otherwise IXR_Error object. */ public function wp_getPostFormats( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPostFormats', $args, $this ); $formats = get_post_format_strings(); // Find out if they want a list of currently supports formats. if ( isset( $args[3] ) && is_array( $args[3] ) ) { if ( $args[3]['show-supported'] ) { if ( current_theme_supports( 'post-formats' ) ) { $supported = get_theme_support( 'post-formats' ); $data = array(); $data['all'] = $formats; $data['supported'] = $supported[0]; $formats = $data; } } } return $formats; } /** * Retrieves a post type. * * @since 3.4.0 * * @see get_post_type_object() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type string $3 Post type name. * @type array $4 Optional. Fields to fetch. * } * @return array|IXR_Error Array contains: * - 'labels' * - 'description' * - 'capability_type' * - 'cap' * - 'map_meta_cap' * - 'hierarchical' * - 'menu_position' * - 'taxonomies' * - 'supports' */ public function wp_getPostType( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $post_type_name = $args[3]; if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** * Filters the default post type query fields used by the given XML-RPC method. * * @since 3.4.0 * * @param array $fields An array of post type fields to retrieve. By default, * contains 'labels', 'cap', and 'taxonomies'. * @param string $method The method name. */ $fields = apply_filters( 'xmlrpc_default_posttype_fields', array( 'labels', 'cap', 'taxonomies' ), 'wp.getPostType' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPostType', $args, $this ); if ( ! post_type_exists( $post_type_name ) ) { return new IXR_Error( 403, __( 'Invalid post type.' ) ); } $post_type = get_post_type_object( $post_type_name ); if ( ! current_user_can( $post_type->cap->edit_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type.' ) ); } return $this->_prepare_post_type( $post_type, $fields ); } /** * Retrieves post types. * * @since 3.4.0 * * @see get_post_types() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Optional. Query arguments. * @type array $4 Optional. Fields to fetch. * } * @return array|IXR_Error */ public function wp_getPostTypes( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array( 'public' => true ); if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_posttype_fields', array( 'labels', 'cap', 'taxonomies' ), 'wp.getPostTypes' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPostTypes', $args, $this ); $post_types = get_post_types( $filter, 'objects' ); $struct = array(); foreach ( $post_types as $post_type ) { if ( ! current_user_can( $post_type->cap->edit_posts ) ) { continue; } $struct[ $post_type->name ] = $this->_prepare_post_type( $post_type, $fields ); } return $struct; } /** * Retrieves revisions for a specific post. * * @since 3.5.0 * * The optional $fields parameter specifies what fields will be included * in the response array. * * @uses wp_get_post_revisions() * @see wp_getPost() for more on $fields * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Post ID. * @type array $4 Optional. Fields to fetch. * } * @return array|IXR_Error Array containing a collection of posts. */ public function wp_getRevisions( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $post_id = (int) $args[3]; if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** * Filters the default revision query fields used by the given XML-RPC method. * * @since 3.5.0 * * @param array $field An array of revision fields to retrieve. By default, * contains 'post_date' and 'post_date_gmt'. * @param string $method The method name. */ $fields = apply_filters( 'xmlrpc_default_revision_fields', array( 'post_date', 'post_date_gmt' ), 'wp.getRevisions' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getRevisions', $args, $this ); $post = get_post( $post_id ); if ( ! $post ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) ); } // Check if revisions are enabled. if ( ! wp_revisions_enabled( $post ) ) { return new IXR_Error( 401, __( 'Sorry, revisions are disabled.' ) ); } $revisions = wp_get_post_revisions( $post_id ); if ( ! $revisions ) { return array(); } $struct = array(); foreach ( $revisions as $revision ) { if ( ! current_user_can( 'read_post', $revision->ID ) ) { continue; } // Skip autosaves. if ( wp_is_post_autosave( $revision ) ) { continue; } $struct[] = $this->_prepare_post( get_object_vars( $revision ), $fields ); } return $struct; } /** * Restores a post revision. * * @since 3.5.0 * * @uses wp_restore_post_revision() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Revision ID. * } * @return bool|IXR_Error false if there was an error restoring, true if success. */ public function wp_restoreRevision( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $revision_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.restoreRevision', $args, $this ); $revision = wp_get_post_revision( $revision_id ); if ( ! $revision ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( wp_is_post_autosave( $revision ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } $post = get_post( $revision->post_parent ); if ( ! $post ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $revision->post_parent ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } // Check if revisions are disabled. if ( ! wp_revisions_enabled( $post ) ) { return new IXR_Error( 401, __( 'Sorry, revisions are disabled.' ) ); } $post = wp_restore_post_revision( $revision_id ); return (bool) $post; } /* * Blogger API functions. * Specs on http://plant.blogger.com/api and https://groups.yahoo.com/group/bloggerDev/ */ /** * Retrieves blogs that user owns. * * Will make more sense once we support multiple blogs. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function blogger_getUsersBlogs( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) { return $this->error; } if ( is_multisite() ) { return $this->_multisite_getUsersBlogs( $args ); } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'blogger.getUsersBlogs', $args, $this ); $is_admin = current_user_can( 'manage_options' ); $struct = array( 'isAdmin' => $is_admin, 'url' => get_option( 'home' ) . '/', 'blogid' => '1', 'blogName' => get_option( 'blogname' ), 'xmlrpc' => site_url( 'xmlrpc.php', 'rpc' ), ); return array( $struct ); } /** * Private function for retrieving a users blogs for multisite setups. * * @since 3.0.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ protected function _multisite_getUsersBlogs( $args ) { $current_blog = get_site(); $domain = $current_blog->domain; $path = $current_blog->path . 'xmlrpc.php'; $blogs = $this->wp_getUsersBlogs( $args ); if ( $blogs instanceof IXR_Error ) { return $blogs; } if ( $_SERVER['HTTP_HOST'] === $domain && $_SERVER['REQUEST_URI'] === $path ) { return $blogs; } else { foreach ( (array) $blogs as $blog ) { if ( str_contains( $blog['url'], $_SERVER['HTTP_HOST'] ) ) { return array( $blog ); } } return array(); } } /** * Retrieves user's data. * * Gives your client some info about you, so you don't have to. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function blogger_getUserInfo( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to access user data on this site.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'blogger.getUserInfo', $args, $this ); $struct = array( 'nickname' => $user->nickname, 'userid' => $user->ID, 'url' => $user->user_url, 'lastname' => $user->last_name, 'firstname' => $user->first_name, ); return $struct; } /** * Retrieves a post. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type int $1 Post ID. * @type string $2 Username. * @type string $3 Password. * } * @return array|IXR_Error */ public function blogger_getPost( $args ) { $this->escape( $args ); $post_id = (int) $args[1]; $username = $args[2]; $password = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } $post_data = get_post( $post_id, ARRAY_A ); if ( ! $post_data ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'blogger.getPost', $args, $this ); $categories = implode( ',', wp_get_post_categories( $post_id ) ); $content = '<title>' . wp_unslash( $post_data['post_title'] ) . '</title>'; $content .= '<category>' . $categories . '</category>'; $content .= wp_unslash( $post_data['post_content'] ); $struct = array( 'userid' => $post_data['post_author'], 'dateCreated' => $this->_convert_date( $post_data['post_date'] ), 'content' => $content, 'postid' => (string) $post_data['ID'], ); return $struct; } /** * Retrieves the list of recent posts. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type string $0 App key (unused). * @type int $1 Blog ID (unused). * @type string $2 Username. * @type string $3 Password. * @type int $4 Optional. Number of posts. * } * @return array|IXR_Error */ public function blogger_getRecentPosts( $args ) { $this->escape( $args ); // $args[0] = appkey - ignored. $username = $args[2]; $password = $args[3]; if ( isset( $args[4] ) ) { $query = array( 'numberposts' => absint( $args[4] ) ); } else { $query = array(); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'blogger.getRecentPosts', $args, $this ); $posts_list = wp_get_recent_posts( $query ); if ( ! $posts_list ) { $this->error = new IXR_Error( 500, __( 'No posts found or an error occurred while retrieving posts.' ) ); return $this->error; } $recent_posts = array(); foreach ( $posts_list as $entry ) { if ( ! current_user_can( 'edit_post', $entry['ID'] ) ) { continue; } $post_date = $this->_convert_date( $entry['post_date'] ); $categories = implode( ',', wp_get_post_categories( $entry['ID'] ) ); $content = '<title>' . wp_unslash( $entry['post_title'] ) . '</title>'; $content .= '<category>' . $categories . '</category>'; $content .= wp_unslash( $entry['post_content'] ); $recent_posts[] = array( 'userid' => $entry['post_author'], 'dateCreated' => $post_date, 'content' => $content, 'postid' => (string) $entry['ID'], ); } return $recent_posts; } /** * Deprecated. * * @since 1.5.0 * @deprecated 3.5.0 * * @param array $args Unused. * @return IXR_Error Error object. */ public function blogger_getTemplate( $args ) { return new IXR_Error( 403, __( 'Sorry, this method is not supported.' ) ); } /** * Deprecated. * * @since 1.5.0 * @deprecated 3.5.0 * * @param array $args Unused. * @return IXR_Error Error object. */ public function blogger_setTemplate( $args ) { return new IXR_Error( 403, __( 'Sorry, this method is not supported.' ) ); } /** * Creates a new post. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type string $0 App key (unused). * @type int $1 Blog ID (unused). * @type string $2 Username. * @type string $3 Password. * @type string $4 Content. * @type int $5 Publish flag. 0 for draft, 1 for publish. * } * @return int|IXR_Error */ public function blogger_newPost( $args ) { $this->escape( $args ); $username = $args[2]; $password = $args[3]; $content = $args[4]; $publish = $args[5]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'blogger.newPost', $args, $this ); $cap = ( $publish ) ? 'publish_posts' : 'edit_posts'; if ( ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) || ! current_user_can( $cap ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to post on this site.' ) ); } $post_status = ( $publish ) ? 'publish' : 'draft'; $post_author = $user->ID; $post_title = xmlrpc_getposttitle( $content ); $post_category = xmlrpc_getpostcategory( $content ); $post_content = xmlrpc_removepostdata( $content ); $post_date = current_time( 'mysql' ); $post_date_gmt = current_time( 'mysql', true ); $post_data = compact( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status' ); $post_id = wp_insert_post( $post_data ); if ( is_wp_error( $post_id ) ) { return new IXR_Error( 500, $post_id->get_error_message() ); } if ( ! $post_id ) { return new IXR_Error( 500, __( 'Sorry, the post could not be created.' ) ); } $this->attach_uploads( $post_id, $post_content ); /** * Fires after a new post has been successfully created via the XML-RPC Blogger API. * * @since 3.4.0 * * @param int $post_id ID of the new post. * @param array $args An array of new post arguments. */ do_action( 'xmlrpc_call_success_blogger_newPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return $post_id; } /** * Edits a post. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type int $1 Post ID. * @type string $2 Username. * @type string $3 Password. * @type string $4 Content * @type int $5 Publish flag. 0 for draft, 1 for publish. * } * @return true|IXR_Error true when done. */ public function blogger_editPost( $args ) { $this->escape( $args ); $post_id = (int) $args[1]; $username = $args[2]; $password = $args[3]; $content = $args[4]; $publish = $args[5]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'blogger.editPost', $args, $this ); $actual_post = get_post( $post_id, ARRAY_A ); if ( ! $actual_post || 'post' !== $actual_post['post_type'] ) { return new IXR_Error( 404, __( 'Sorry, no such post.' ) ); } $this->escape( $actual_post ); if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } if ( 'publish' === $actual_post['post_status'] && ! current_user_can( 'publish_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) ); } $postdata = array(); $postdata['ID'] = $actual_post['ID']; $postdata['post_content'] = xmlrpc_removepostdata( $content ); $postdata['post_title'] = xmlrpc_getposttitle( $content ); $postdata['post_category'] = xmlrpc_getpostcategory( $content ); $postdata['post_status'] = $actual_post['post_status']; $postdata['post_excerpt'] = $actual_post['post_excerpt']; $postdata['post_status'] = $publish ? 'publish' : 'draft'; $result = wp_update_post( $postdata ); if ( ! $result ) { return new IXR_Error( 500, __( 'Sorry, the post could not be updated.' ) ); } $this->attach_uploads( $actual_post['ID'], $postdata['post_content'] ); /** * Fires after a post has been successfully updated via the XML-RPC Blogger API. * * @since 3.4.0 * * @param int $post_id ID of the updated post. * @param array $args An array of arguments for the post to edit. */ do_action( 'xmlrpc_call_success_blogger_editPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return true; } /** * Deletes a post. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type int $1 Post ID. * @type string $2 Username. * @type string $3 Password. * } * @return true|IXR_Error True when post is deleted. */ public function blogger_deletePost( $args ) { $this->escape( $args ); $post_id = (int) $args[1]; $username = $args[2]; $password = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'blogger.deletePost', $args, $this ); $actual_post = get_post( $post_id, ARRAY_A ); if ( ! $actual_post || 'post' !== $actual_post['post_type'] ) { return new IXR_Error( 404, __( 'Sorry, no such post.' ) ); } if ( ! current_user_can( 'delete_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) ); } $result = wp_delete_post( $post_id ); if ( ! $result ) { return new IXR_Error( 500, __( 'Sorry, the post could not be deleted.' ) ); } /** * Fires after a post has been successfully deleted via the XML-RPC Blogger API. * * @since 3.4.0 * * @param int $post_id ID of the deleted post. * @param array $args An array of arguments to delete the post. */ do_action( 'xmlrpc_call_success_blogger_deletePost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return true; } /* * MetaWeblog API functions. * Specs on wherever Dave Winer wants them to be. */ /** * Creates a new post. * * The 'content_struct' argument must contain: * - title * - description * - mt_excerpt * - mt_text_more * - mt_keywords * - mt_tb_ping_urls * - categories * * Also, it can optionally contain: * - wp_slug * - wp_password * - wp_page_parent_id * - wp_page_order * - wp_author_id * - post_status | page_status - can be 'draft', 'private', 'publish', or 'pending' * - mt_allow_comments - can be 'open' or 'closed' * - mt_allow_pings - can be 'open' or 'closed' * - date_created_gmt * - dateCreated * - wp_post_thumbnail * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Content structure. * @type int $4 Optional. Publish flag. 0 for draft, 1 for publish. Default 0. * } * @return int|IXR_Error */ public function mw_newPost( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $content_struct = $args[3]; $publish = isset( $args[4] ) ? $args[4] : 0; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'metaWeblog.newPost', $args, $this ); $page_template = ''; if ( ! empty( $content_struct['post_type'] ) ) { if ( 'page' === $content_struct['post_type'] ) { if ( $publish ) { $cap = 'publish_pages'; } elseif ( isset( $content_struct['page_status'] ) && 'publish' === $content_struct['page_status'] ) { $cap = 'publish_pages'; } else { $cap = 'edit_pages'; } $error_message = __( 'Sorry, you are not allowed to publish pages on this site.' ); $post_type = 'page'; if ( ! empty( $content_struct['wp_page_template'] ) ) { $page_template = $content_struct['wp_page_template']; } } elseif ( 'post' === $content_struct['post_type'] ) { if ( $publish ) { $cap = 'publish_posts'; } elseif ( isset( $content_struct['post_status'] ) && 'publish' === $content_struct['post_status'] ) { $cap = 'publish_posts'; } else { $cap = 'edit_posts'; } $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); $post_type = 'post'; } else { // No other 'post_type' values are allowed here. return new IXR_Error( 401, __( 'Invalid post type.' ) ); } } else { if ( $publish ) { $cap = 'publish_posts'; } elseif ( isset( $content_struct['post_status'] ) && 'publish' === $content_struct['post_status'] ) { $cap = 'publish_posts'; } else { $cap = 'edit_posts'; } $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); $post_type = 'post'; } if ( ! current_user_can( get_post_type_object( $post_type )->cap->create_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts on this site.' ) ); } if ( ! current_user_can( $cap ) ) { return new IXR_Error( 401, $error_message ); } // Check for a valid post format if one was given. if ( isset( $content_struct['wp_post_format'] ) ) { $content_struct['wp_post_format'] = sanitize_key( $content_struct['wp_post_format'] ); if ( ! array_key_exists( $content_struct['wp_post_format'], get_post_format_strings() ) ) { return new IXR_Error( 404, __( 'Invalid post format.' ) ); } } // Let WordPress generate the 'post_name' (slug) unless // one has been provided. $post_name = null; if ( isset( $content_struct['wp_slug'] ) ) { $post_name = $content_struct['wp_slug']; } // Only use a password if one was given. $post_password = ''; if ( isset( $content_struct['wp_password'] ) ) { $post_password = $content_struct['wp_password']; } // Only set a post parent if one was given. $post_parent = 0; if ( isset( $content_struct['wp_page_parent_id'] ) ) { $post_parent = $content_struct['wp_page_parent_id']; } // Only set the 'menu_order' if it was given. $menu_order = 0; if ( isset( $content_struct['wp_page_order'] ) ) { $menu_order = $content_struct['wp_page_order']; } $post_author = $user->ID; // If an author ID was provided then use it instead. if ( isset( $content_struct['wp_author_id'] ) && ( $user->ID !== (int) $content_struct['wp_author_id'] ) ) { switch ( $post_type ) { case 'post': if ( ! current_user_can( 'edit_others_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to create posts as this user.' ) ); } break; case 'page': if ( ! current_user_can( 'edit_others_pages' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to create pages as this user.' ) ); } break; default: return new IXR_Error( 401, __( 'Invalid post type.' ) ); } $author = get_userdata( $content_struct['wp_author_id'] ); if ( ! $author ) { return new IXR_Error( 404, __( 'Invalid author ID.' ) ); } $post_author = $content_struct['wp_author_id']; } $post_title = isset( $content_struct['title'] ) ? $content_struct['title'] : ''; $post_content = isset( $content_struct['description'] ) ? $content_struct['description'] : ''; $post_status = $publish ? 'publish' : 'draft'; if ( isset( $content_struct[ "{$post_type}_status" ] ) ) { switch ( $content_struct[ "{$post_type}_status" ] ) { case 'draft': case 'pending': case 'private': case 'publish': $post_status = $content_struct[ "{$post_type}_status" ]; break; default: // Deliberably left empty. break; } } $post_excerpt = isset( $content_struct['mt_excerpt'] ) ? $content_struct['mt_excerpt'] : ''; $post_more = isset( $content_struct['mt_text_more'] ) ? $content_struct['mt_text_more'] : ''; $tags_input = isset( $content_struct['mt_keywords'] ) ? $content_struct['mt_keywords'] : array(); if ( isset( $content_struct['mt_allow_comments'] ) ) { if ( ! is_numeric( $content_struct['mt_allow_comments'] ) ) { switch ( $content_struct['mt_allow_comments'] ) { case 'closed': $comment_status = 'closed'; break; case 'open': $comment_status = 'open'; break; default: $comment_status = get_default_comment_status( $post_type ); break; } } else { switch ( (int) $content_struct['mt_allow_comments'] ) { case 0: case 2: $comment_status = 'closed'; break; case 1: $comment_status = 'open'; break; default: $comment_status = get_default_comment_status( $post_type ); break; } } } else { $comment_status = get_default_comment_status( $post_type ); } if ( isset( $content_struct['mt_allow_pings'] ) ) { if ( ! is_numeric( $content_struct['mt_allow_pings'] ) ) { switch ( $content_struct['mt_allow_pings'] ) { case 'closed': $ping_status = 'closed'; break; case 'open': $ping_status = 'open'; break; default: $ping_status = get_default_comment_status( $post_type, 'pingback' ); break; } } else { switch ( (int) $content_struct['mt_allow_pings'] ) { case 0: $ping_status = 'closed'; break; case 1: $ping_status = 'open'; break; default: $ping_status = get_default_comment_status( $post_type, 'pingback' ); break; } } } else { $ping_status = get_default_comment_status( $post_type, 'pingback' ); } if ( $post_more ) { $post_content .= '<!--more-->' . $post_more; } $to_ping = ''; if ( isset( $content_struct['mt_tb_ping_urls'] ) ) { $to_ping = $content_struct['mt_tb_ping_urls']; if ( is_array( $to_ping ) ) { $to_ping = implode( ' ', $to_ping ); } } // Do some timestamp voodoo. if ( ! empty( $content_struct['date_created_gmt'] ) ) { // We know this is supposed to be GMT, so we're going to slap that Z on there by force. $date_created = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z'; } elseif ( ! empty( $content_struct['dateCreated'] ) ) { $date_created = $content_struct['dateCreated']->getIso(); } $post_date = ''; $post_date_gmt = ''; if ( ! empty( $date_created ) ) { $post_date = iso8601_to_datetime( $date_created ); $post_date_gmt = iso8601_to_datetime( $date_created, 'gmt' ); } $post_category = array(); if ( isset( $content_struct['categories'] ) ) { $catnames = $content_struct['categories']; if ( is_array( $catnames ) ) { foreach ( $catnames as $cat ) { $post_category[] = get_cat_ID( $cat ); } } } $postdata = compact( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'to_ping', 'post_type', 'post_name', 'post_password', 'post_parent', 'menu_order', 'tags_input', 'page_template' ); $post_id = get_default_post_to_edit( $post_type, true )->ID; $postdata['ID'] = $post_id; // Only posts can be sticky. if ( 'post' === $post_type && isset( $content_struct['sticky'] ) ) { $data = $postdata; $data['sticky'] = $content_struct['sticky']; $error = $this->_toggle_sticky( $data ); if ( $error ) { return $error; } } if ( isset( $content_struct['custom_fields'] ) ) { $this->set_custom_fields( $post_id, $content_struct['custom_fields'] ); } if ( isset( $content_struct['wp_post_thumbnail'] ) ) { if ( set_post_thumbnail( $post_id, $content_struct['wp_post_thumbnail'] ) === false ) { return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); } unset( $content_struct['wp_post_thumbnail'] ); } // Handle enclosures. $enclosure = isset( $content_struct['enclosure'] ) ? $content_struct['enclosure'] : null; $this->add_enclosure_if_new( $post_id, $enclosure ); $this->attach_uploads( $post_id, $post_content ); /* * Handle post formats if assigned, value is validated earlier * in this function. */ if ( isset( $content_struct['wp_post_format'] ) ) { set_post_format( $post_id, $content_struct['wp_post_format'] ); } $post_id = wp_insert_post( $postdata, true ); if ( is_wp_error( $post_id ) ) { return new IXR_Error( 500, $post_id->get_error_message() ); } if ( ! $post_id ) { return new IXR_Error( 500, __( 'Sorry, the post could not be created.' ) ); } /** * Fires after a new post has been successfully created via the XML-RPC MovableType API. * * @since 3.4.0 * * @param int $post_id ID of the new post. * @param array $args An array of arguments to create the new post. */ do_action( 'xmlrpc_call_success_mw_newPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return (string) $post_id; } /** * Adds an enclosure to a post if it's new. * * @since 2.8.0 * * @param int $post_id Post ID. * @param array $enclosure Enclosure data. */ public function add_enclosure_if_new( $post_id, $enclosure ) { if ( is_array( $enclosure ) && isset( $enclosure['url'] ) && isset( $enclosure['length'] ) && isset( $enclosure['type'] ) ) { $encstring = $enclosure['url'] . "\n" . $enclosure['length'] . "\n" . $enclosure['type'] . "\n"; $found = false; $enclosures = get_post_meta( $post_id, 'enclosure' ); if ( $enclosures ) { foreach ( $enclosures as $enc ) { // This method used to omit the trailing new line. #23219 if ( rtrim( $enc, "\n" ) === rtrim( $encstring, "\n" ) ) { $found = true; break; } } } if ( ! $found ) { add_post_meta( $post_id, 'enclosure', $encstring ); } } } /** * Attaches an upload to a post. * * @since 2.1.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $post_id Post ID. * @param string $post_content Post Content for attachment. */ public function attach_uploads( $post_id, $post_content ) { global $wpdb; // Find any unattached files. $attachments = $wpdb->get_results( "SELECT ID, guid FROM {$wpdb->posts} WHERE post_parent = '0' AND post_type = 'attachment'" ); if ( is_array( $attachments ) ) { foreach ( $attachments as $file ) { if ( ! empty( $file->guid ) && str_contains( $post_content, $file->guid ) ) { $wpdb->update( $wpdb->posts, array( 'post_parent' => $post_id ), array( 'ID' => $file->ID ) ); } } } } /** * Edits a post. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Post ID. * @type string $1 Username. * @type string $2 Password. * @type array $3 Content structure. * @type int $4 Optional. Publish flag. 0 for draft, 1 for publish. Default 0. * } * @return true|IXR_Error True on success. */ public function mw_editPost( $args ) { $this->escape( $args ); $post_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $content_struct = $args[3]; $publish = isset( $args[4] ) ? $args[4] : 0; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'metaWeblog.editPost', $args, $this ); $postdata = get_post( $post_id, ARRAY_A ); /* * If there is no post data for the give post ID, stop now and return an error. * Otherwise a new post will be created (which was the old behavior). */ if ( ! $postdata || empty( $postdata['ID'] ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } // Use wp.editPost to edit post types other than post and page. if ( ! in_array( $postdata['post_type'], array( 'post', 'page' ), true ) ) { return new IXR_Error( 401, __( 'Invalid post type.' ) ); } // Thwart attempt to change the post type. if ( ! empty( $content_struct['post_type'] ) && ( $content_struct['post_type'] !== $postdata['post_type'] ) ) { return new IXR_Error( 401, __( 'The post type may not be changed.' ) ); } // Check for a valid post format if one was given. if ( isset( $content_struct['wp_post_format'] ) ) { $content_struct['wp_post_format'] = sanitize_key( $content_struct['wp_post_format'] ); if ( ! array_key_exists( $content_struct['wp_post_format'], get_post_format_strings() ) ) { return new IXR_Error( 404, __( 'Invalid post format.' ) ); } } $this->escape( $postdata ); $post_id = $postdata['ID']; $post_content = $postdata['post_content']; $post_title = $postdata['post_title']; $post_excerpt = $postdata['post_excerpt']; $post_password = $postdata['post_password']; $post_parent = $postdata['post_parent']; $post_type = $postdata['post_type']; $menu_order = $postdata['menu_order']; $ping_status = $postdata['ping_status']; $comment_status = $postdata['comment_status']; // Let WordPress manage slug if none was provided. $post_name = $postdata['post_name']; if ( isset( $content_struct['wp_slug'] ) ) { $post_name = $content_struct['wp_slug']; } // Only use a password if one was given. if ( isset( $content_struct['wp_password'] ) ) { $post_password = $content_struct['wp_password']; } // Only set a post parent if one was given. if ( isset( $content_struct['wp_page_parent_id'] ) ) { $post_parent = $content_struct['wp_page_parent_id']; } // Only set the 'menu_order' if it was given. if ( isset( $content_struct['wp_page_order'] ) ) { $menu_order = $content_struct['wp_page_order']; } $page_template = ''; if ( ! empty( $content_struct['wp_page_template'] ) && 'page' === $post_type ) { $page_template = $content_struct['wp_page_template']; } $post_author = $postdata['post_author']; // If an author ID was provided then use it instead. if ( isset( $content_struct['wp_author_id'] ) ) { // Check permissions if attempting to switch author to or from another user. if ( $user->ID !== (int) $content_struct['wp_author_id'] || $user->ID !== (int) $post_author ) { switch ( $post_type ) { case 'post': if ( ! current_user_can( 'edit_others_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to change the post author as this user.' ) ); } break; case 'page': if ( ! current_user_can( 'edit_others_pages' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to change the page author as this user.' ) ); } break; default: return new IXR_Error( 401, __( 'Invalid post type.' ) ); } $post_author = $content_struct['wp_author_id']; } } if ( isset( $content_struct['mt_allow_comments'] ) ) { if ( ! is_numeric( $content_struct['mt_allow_comments'] ) ) { switch ( $content_struct['mt_allow_comments'] ) { case 'closed': $comment_status = 'closed'; break; case 'open': $comment_status = 'open'; break; default: $comment_status = get_default_comment_status( $post_type ); break; } } else { switch ( (int) $content_struct['mt_allow_comments'] ) { case 0: case 2: $comment_status = 'closed'; break; case 1: $comment_status = 'open'; break; default: $comment_status = get_default_comment_status( $post_type ); break; } } } if ( isset( $content_struct['mt_allow_pings'] ) ) { if ( ! is_numeric( $content_struct['mt_allow_pings'] ) ) { switch ( $content_struct['mt_allow_pings'] ) { case 'closed': $ping_status = 'closed'; break; case 'open': $ping_status = 'open'; break; default: $ping_status = get_default_comment_status( $post_type, 'pingback' ); break; } } else { switch ( (int) $content_struct['mt_allow_pings'] ) { case 0: $ping_status = 'closed'; break; case 1: $ping_status = 'open'; break; default: $ping_status = get_default_comment_status( $post_type, 'pingback' ); break; } } } if ( isset( $content_struct['title'] ) ) { $post_title = $content_struct['title']; } if ( isset( $content_struct['description'] ) ) { $post_content = $content_struct['description']; } $post_category = array(); if ( isset( $content_struct['categories'] ) ) { $catnames = $content_struct['categories']; if ( is_array( $catnames ) ) { foreach ( $catnames as $cat ) { $post_category[] = get_cat_ID( $cat ); } } } if ( isset( $content_struct['mt_excerpt'] ) ) { $post_excerpt = $content_struct['mt_excerpt']; } $post_more = isset( $content_struct['mt_text_more'] ) ? $content_struct['mt_text_more'] : ''; $post_status = $publish ? 'publish' : 'draft'; if ( isset( $content_struct[ "{$post_type}_status" ] ) ) { switch ( $content_struct[ "{$post_type}_status" ] ) { case 'draft': case 'pending': case 'private': case 'publish': $post_status = $content_struct[ "{$post_type}_status" ]; break; default: $post_status = $publish ? 'publish' : 'draft'; break; } } $tags_input = isset( $content_struct['mt_keywords'] ) ? $content_struct['mt_keywords'] : array(); if ( 'publish' === $post_status || 'private' === $post_status ) { if ( 'page' === $post_type && ! current_user_can( 'publish_pages' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this page.' ) ); } elseif ( ! current_user_can( 'publish_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) ); } } if ( $post_more ) { $post_content = $post_content . '<!--more-->' . $post_more; } $to_ping = ''; if ( isset( $content_struct['mt_tb_ping_urls'] ) ) { $to_ping = $content_struct['mt_tb_ping_urls']; if ( is_array( $to_ping ) ) { $to_ping = implode( ' ', $to_ping ); } } // Do some timestamp voodoo. if ( ! empty( $content_struct['date_created_gmt'] ) ) { // We know this is supposed to be GMT, so we're going to slap that Z on there by force. $date_created = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z'; } elseif ( ! empty( $content_struct['dateCreated'] ) ) { $date_created = $content_struct['dateCreated']->getIso(); } // Default to not flagging the post date to be edited unless it's intentional. $edit_date = false; if ( ! empty( $date_created ) ) { $post_date = iso8601_to_datetime( $date_created ); $post_date_gmt = iso8601_to_datetime( $date_created, 'gmt' ); // Flag the post date to be edited. $edit_date = true; } else { $post_date = $postdata['post_date']; $post_date_gmt = $postdata['post_date_gmt']; } $newpost = array( 'ID' => $post_id, ); $newpost += compact( 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'edit_date', 'post_date', 'post_date_gmt', 'to_ping', 'post_name', 'post_password', 'post_parent', 'menu_order', 'post_author', 'tags_input', 'page_template' ); // We've got all the data -- post it. $result = wp_update_post( $newpost, true ); if ( is_wp_error( $result ) ) { return new IXR_Error( 500, $result->get_error_message() ); } if ( ! $result ) { return new IXR_Error( 500, __( 'Sorry, the post could not be updated.' ) ); } // Only posts can be sticky. if ( 'post' === $post_type && isset( $content_struct['sticky'] ) ) { $data = $newpost; $data['sticky'] = $content_struct['sticky']; $data['post_type'] = 'post'; $error = $this->_toggle_sticky( $data, true ); if ( $error ) { return $error; } } if ( isset( $content_struct['custom_fields'] ) ) { $this->set_custom_fields( $post_id, $content_struct['custom_fields'] ); } if ( isset( $content_struct['wp_post_thumbnail'] ) ) { // Empty value deletes, non-empty value adds/updates. if ( empty( $content_struct['wp_post_thumbnail'] ) ) { delete_post_thumbnail( $post_id ); } else { if ( set_post_thumbnail( $post_id, $content_struct['wp_post_thumbnail'] ) === false ) { return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); } } unset( $content_struct['wp_post_thumbnail'] ); } // Handle enclosures. $enclosure = isset( $content_struct['enclosure'] ) ? $content_struct['enclosure'] : null; $this->add_enclosure_if_new( $post_id, $enclosure ); $this->attach_uploads( $post_id, $post_content ); // Handle post formats if assigned, validation is handled earlier in this function. if ( isset( $content_struct['wp_post_format'] ) ) { set_post_format( $post_id, $content_struct['wp_post_format'] ); } /** * Fires after a post has been successfully updated via the XML-RPC MovableType API. * * @since 3.4.0 * * @param int $post_id ID of the updated post. * @param array $args An array of arguments to update the post. */ do_action( 'xmlrpc_call_success_mw_editPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return true; } /** * Retrieves a post. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Post ID. * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function mw_getPost( $args ) { $this->escape( $args ); $post_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } $postdata = get_post( $post_id, ARRAY_A ); if ( ! $postdata ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'metaWeblog.getPost', $args, $this ); if ( '' !== $postdata['post_date'] ) { $post_date = $this->_convert_date( $postdata['post_date'] ); $post_date_gmt = $this->_convert_date_gmt( $postdata['post_date_gmt'], $postdata['post_date'] ); $post_modified = $this->_convert_date( $postdata['post_modified'] ); $post_modified_gmt = $this->_convert_date_gmt( $postdata['post_modified_gmt'], $postdata['post_modified'] ); $categories = array(); $cat_ids = wp_get_post_categories( $post_id ); foreach ( $cat_ids as $cat_id ) { $categories[] = get_cat_name( $cat_id ); } $tagnames = array(); $tags = wp_get_post_tags( $post_id ); if ( ! empty( $tags ) ) { foreach ( $tags as $tag ) { $tagnames[] = $tag->name; } $tagnames = implode( ', ', $tagnames ); } else { $tagnames = ''; } $post = get_extended( $postdata['post_content'] ); $link = get_permalink( $postdata['ID'] ); // Get the author info. $author = get_userdata( $postdata['post_author'] ); $allow_comments = ( 'open' === $postdata['comment_status'] ) ? 1 : 0; $allow_pings = ( 'open' === $postdata['ping_status'] ) ? 1 : 0; // Consider future posts as published. if ( 'future' === $postdata['post_status'] ) { $postdata['post_status'] = 'publish'; } // Get post format. $post_format = get_post_format( $post_id ); if ( empty( $post_format ) ) { $post_format = 'standard'; } $sticky = false; if ( is_sticky( $post_id ) ) { $sticky = true; } $enclosure = array(); foreach ( (array) get_post_custom( $post_id ) as $key => $val ) { if ( 'enclosure' === $key ) { foreach ( (array) $val as $enc ) { $encdata = explode( "\n", $enc ); $enclosure['url'] = trim( htmlspecialchars( $encdata[0] ) ); $enclosure['length'] = (int) trim( $encdata[1] ); $enclosure['type'] = trim( $encdata[2] ); break 2; } } } $resp = array( 'dateCreated' => $post_date, 'userid' => $postdata['post_author'], 'postid' => $postdata['ID'], 'description' => $post['main'], 'title' => $postdata['post_title'], 'link' => $link, 'permaLink' => $link, // Commented out because no other tool seems to use this. // 'content' => $entry['post_content'], 'categories' => $categories, 'mt_excerpt' => $postdata['post_excerpt'], 'mt_text_more' => $post['extended'], 'wp_more_text' => $post['more_text'], 'mt_allow_comments' => $allow_comments, 'mt_allow_pings' => $allow_pings, 'mt_keywords' => $tagnames, 'wp_slug' => $postdata['post_name'], 'wp_password' => $postdata['post_password'], 'wp_author_id' => (string) $author->ID, 'wp_author_display_name' => $author->display_name, 'date_created_gmt' => $post_date_gmt, 'post_status' => $postdata['post_status'], 'custom_fields' => $this->get_custom_fields( $post_id ), 'wp_post_format' => $post_format, 'sticky' => $sticky, 'date_modified' => $post_modified, 'date_modified_gmt' => $post_modified_gmt, ); if ( ! empty( $enclosure ) ) { $resp['enclosure'] = $enclosure; } $resp['wp_post_thumbnail'] = get_post_thumbnail_id( $postdata['ID'] ); return $resp; } else { return new IXR_Error( 404, __( 'Sorry, no such post.' ) ); } } /** * Retrieves list of recent posts. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Optional. Number of posts. * } * @return array|IXR_Error */ public function mw_getRecentPosts( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; if ( isset( $args[3] ) ) { $query = array( 'numberposts' => absint( $args[3] ) ); } else { $query = array(); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'metaWeblog.getRecentPosts', $args, $this ); $posts_list = wp_get_recent_posts( $query ); if ( ! $posts_list ) { return array(); } $recent_posts = array(); foreach ( $posts_list as $entry ) { if ( ! current_user_can( 'edit_post', $entry['ID'] ) ) { continue; } $post_date = $this->_convert_date( $entry['post_date'] ); $post_date_gmt = $this->_convert_date_gmt( $entry['post_date_gmt'], $entry['post_date'] ); $post_modified = $this->_convert_date( $entry['post_modified'] ); $post_modified_gmt = $this->_convert_date_gmt( $entry['post_modified_gmt'], $entry['post_modified'] ); $categories = array(); $cat_ids = wp_get_post_categories( $entry['ID'] ); foreach ( $cat_ids as $cat_id ) { $categories[] = get_cat_name( $cat_id ); } $tagnames = array(); $tags = wp_get_post_tags( $entry['ID'] ); if ( ! empty( $tags ) ) { foreach ( $tags as $tag ) { $tagnames[] = $tag->name; } $tagnames = implode( ', ', $tagnames ); } else { $tagnames = ''; } $post = get_extended( $entry['post_content'] ); $link = get_permalink( $entry['ID'] ); // Get the post author info. $author = get_userdata( $entry['post_author'] ); $allow_comments = ( 'open' === $entry['comment_status'] ) ? 1 : 0; $allow_pings = ( 'open' === $entry['ping_status'] ) ? 1 : 0; // Consider future posts as published. if ( 'future' === $entry['post_status'] ) { $entry['post_status'] = 'publish'; } // Get post format. $post_format = get_post_format( $entry['ID'] ); if ( empty( $post_format ) ) { $post_format = 'standard'; } $recent_posts[] = array( 'dateCreated' => $post_date, 'userid' => $entry['post_author'], 'postid' => (string) $entry['ID'], 'description' => $post['main'], 'title' => $entry['post_title'], 'link' => $link, 'permaLink' => $link, // Commented out because no other tool seems to use this. // 'content' => $entry['post_content'], 'categories' => $categories, 'mt_excerpt' => $entry['post_excerpt'], 'mt_text_more' => $post['extended'], 'wp_more_text' => $post['more_text'], 'mt_allow_comments' => $allow_comments, 'mt_allow_pings' => $allow_pings, 'mt_keywords' => $tagnames, 'wp_slug' => $entry['post_name'], 'wp_password' => $entry['post_password'], 'wp_author_id' => (string) $author->ID, 'wp_author_display_name' => $author->display_name, 'date_created_gmt' => $post_date_gmt, 'post_status' => $entry['post_status'], 'custom_fields' => $this->get_custom_fields( $entry['ID'] ), 'wp_post_format' => $post_format, 'date_modified' => $post_modified, 'date_modified_gmt' => $post_modified_gmt, 'sticky' => ( 'post' === $entry['post_type'] && is_sticky( $entry['ID'] ) ), 'wp_post_thumbnail' => get_post_thumbnail_id( $entry['ID'] ), ); } return $recent_posts; } /** * Retrieves the list of categories on a given blog. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function mw_getCategories( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'metaWeblog.getCategories', $args, $this ); $categories_struct = array(); $cats = get_categories( array( 'get' => 'all' ) ); if ( $cats ) { foreach ( $cats as $cat ) { $struct = array(); $struct['categoryId'] = $cat->term_id; $struct['parentId'] = $cat->parent; $struct['description'] = $cat->name; $struct['categoryDescription'] = $cat->description; $struct['categoryName'] = $cat->name; $struct['htmlUrl'] = esc_html( get_category_link( $cat->term_id ) ); $struct['rssUrl'] = esc_html( get_category_feed_link( $cat->term_id, 'rss2' ) ); $categories_struct[] = $struct; } } return $categories_struct; } /** * Uploads a file, following your settings. * * Adapted from a patch by Johann Richard. * * @link http://mycvs.org/archives/2004/06/30/file-upload-to-wordpress-in-ecto/ * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Data. * } * @return array|IXR_Error */ public function mw_newMediaObject( $args ) { $username = $this->escape( $args[1] ); $password = $this->escape( $args[2] ); $data = $args[3]; $name = sanitize_file_name( $data['name'] ); $type = $data['type']; $bits = $data['bits']; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'metaWeblog.newMediaObject', $args, $this ); if ( ! current_user_can( 'upload_files' ) ) { $this->error = new IXR_Error( 401, __( 'Sorry, you are not allowed to upload files.' ) ); return $this->error; } if ( is_multisite() && upload_is_user_over_quota( false ) ) { $this->error = new IXR_Error( 401, sprintf( /* translators: %s: Allowed space allocation. */ __( 'Sorry, you have used your space allocation of %s. Please delete some files to upload more files.' ), size_format( get_space_allowed() * MB_IN_BYTES ) ) ); return $this->error; } /** * Filters whether to preempt the XML-RPC media upload. * * Returning a truthy value will effectively short-circuit the media upload, * returning that value as a 500 error instead. * * @since 2.1.0 * * @param bool $error Whether to pre-empt the media upload. Default false. */ $upload_err = apply_filters( 'pre_upload_error', false ); if ( $upload_err ) { return new IXR_Error( 500, $upload_err ); } $upload = wp_upload_bits( $name, null, $bits ); if ( ! empty( $upload['error'] ) ) { /* translators: 1: File name, 2: Error message. */ $error_string = sprintf( __( 'Could not write file %1$s (%2$s).' ), $name, $upload['error'] ); return new IXR_Error( 500, $error_string ); } // Construct the attachment array. $post_id = 0; if ( ! empty( $data['post_id'] ) ) { $post_id = (int) $data['post_id']; if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } } $attachment = array( 'post_title' => $name, 'post_content' => '', 'post_type' => 'attachment', 'post_parent' => $post_id, 'post_mime_type' => $type, 'guid' => $upload['url'], ); // Save the data. $attachment_id = wp_insert_attachment( $attachment, $upload['file'], $post_id ); wp_update_attachment_metadata( $attachment_id, wp_generate_attachment_metadata( $attachment_id, $upload['file'] ) ); /** * Fires after a new attachment has been added via the XML-RPC MovableType API. * * @since 3.4.0 * * @param int $attachment_id ID of the new attachment. * @param array $args An array of arguments to add the attachment. */ do_action( 'xmlrpc_call_success_mw_newMediaObject', $attachment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase $struct = $this->_prepare_media_item( get_post( $attachment_id ) ); // Deprecated values. $struct['id'] = $struct['attachment_id']; $struct['file'] = $struct['title']; $struct['url'] = $struct['link']; return $struct; } /* * MovableType API functions. * Specs archive on https://web.archive.org/web/20050220091302/http://www.movabletype.org/docs/mtmanual_programmatic.html */ /** * Retrieves the post titles of recent posts. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Optional. Number of posts. * } * @return array|IXR_Error */ public function mt_getRecentPostTitles( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; if ( isset( $args[3] ) ) { $query = array( 'numberposts' => absint( $args[3] ) ); } else { $query = array(); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.getRecentPostTitles', $args, $this ); $posts_list = wp_get_recent_posts( $query ); if ( ! $posts_list ) { $this->error = new IXR_Error( 500, __( 'No posts found or an error occurred while retrieving posts.' ) ); return $this->error; } $recent_posts = array(); foreach ( $posts_list as $entry ) { if ( ! current_user_can( 'edit_post', $entry['ID'] ) ) { continue; } $post_date = $this->_convert_date( $entry['post_date'] ); $post_date_gmt = $this->_convert_date_gmt( $entry['post_date_gmt'], $entry['post_date'] ); $recent_posts[] = array( 'dateCreated' => $post_date, 'userid' => $entry['post_author'], 'postid' => (string) $entry['ID'], 'title' => $entry['post_title'], 'post_status' => $entry['post_status'], 'date_created_gmt' => $post_date_gmt, ); } return $recent_posts; } /** * Retrieves the list of all categories on a blog. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function mt_getCategoryList( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.getCategoryList', $args, $this ); $categories_struct = array(); $cats = get_categories( array( 'hide_empty' => 0, 'hierarchical' => 0, ) ); if ( $cats ) { foreach ( $cats as $cat ) { $struct = array(); $struct['categoryId'] = $cat->term_id; $struct['categoryName'] = $cat->name; $categories_struct[] = $struct; } } return $categories_struct; } /** * Retrieves post categories. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Post ID. * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function mt_getPostCategories( $args ) { $this->escape( $args ); $post_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! get_post( $post_id ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.getPostCategories', $args, $this ); $categories = array(); $cat_ids = wp_get_post_categories( (int) $post_id ); // First listed category will be the primary category. $is_primary = true; foreach ( $cat_ids as $cat_id ) { $categories[] = array( 'categoryName' => get_cat_name( $cat_id ), 'categoryId' => (string) $cat_id, 'isPrimary' => $is_primary, ); $is_primary = false; } return $categories; } /** * Sets categories for a post. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Post ID. * @type string $1 Username. * @type string $2 Password. * @type array $3 Categories. * } * @return true|IXR_Error True on success. */ public function mt_setPostCategories( $args ) { $this->escape( $args ); $post_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $categories = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.setPostCategories', $args, $this ); if ( ! get_post( $post_id ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } $cat_ids = array(); foreach ( $categories as $cat ) { $cat_ids[] = $cat['categoryId']; } wp_set_post_categories( $post_id, $cat_ids ); return true; } /** * Retrieves an array of methods supported by this server. * * @since 1.5.0 * * @return array */ public function mt_supportedMethods() { /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.supportedMethods', array(), $this ); return array_keys( $this->methods ); } /** * Retrieves an empty array because we don't support per-post text filters. * * @since 1.5.0 */ public function mt_supportedTextFilters() { /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.supportedTextFilters', array(), $this ); /** * Filters the MoveableType text filters list for XML-RPC. * * @since 2.2.0 * * @param array $filters An array of text filters. */ return apply_filters( 'xmlrpc_text_filters', array() ); } /** * Retrieves trackbacks sent to a given post. * * @since 1.5.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $post_id * @return array|IXR_Error */ public function mt_getTrackbackPings( $post_id ) { global $wpdb; /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.getTrackbackPings', $post_id, $this ); $actual_post = get_post( $post_id, ARRAY_A ); if ( ! $actual_post ) { return new IXR_Error( 404, __( 'Sorry, no such post.' ) ); } $comments = $wpdb->get_results( $wpdb->prepare( "SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_id ) ); if ( ! $comments ) { return array(); } $trackback_pings = array(); foreach ( $comments as $comment ) { if ( 'trackback' === $comment->comment_type ) { $content = $comment->comment_content; $title = substr( $content, 8, ( strpos( $content, '</strong>' ) - 8 ) ); $trackback_pings[] = array( 'pingTitle' => $title, 'pingURL' => $comment->comment_author_url, 'pingIP' => $comment->comment_author_IP, ); } } return $trackback_pings; } /** * Sets a post's publish status to 'publish'. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Post ID. * @type string $1 Username. * @type string $2 Password. * } * @return int|IXR_Error */ public function mt_publishPost( $args ) { $this->escape( $args ); $post_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.publishPost', $args, $this ); $postdata = get_post( $post_id, ARRAY_A ); if ( ! $postdata ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'publish_posts' ) || ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) ); } $postdata['post_status'] = 'publish'; // Retain old categories. $postdata['post_category'] = wp_get_post_categories( $post_id ); $this->escape( $postdata ); return wp_update_post( $postdata ); } /* * Pingback functions. * Specs on www.hixie.ch/specs/pingback/pingback */ /** * Retrieves a pingback and registers it. * * @since 1.5.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type string $0 URL of page linked from. * @type string $1 URL of page linked to. * } * @return string|IXR_Error */ public function pingback_ping( $args ) { global $wpdb; /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'pingback.ping', $args, $this ); $this->escape( $args ); $pagelinkedfrom = str_replace( '&', '&', $args[0] ); $pagelinkedto = str_replace( '&', '&', $args[1] ); $pagelinkedto = str_replace( '&', '&', $pagelinkedto ); /** * Filters the pingback source URI. * * @since 3.6.0 * * @param string $pagelinkedfrom URI of the page linked from. * @param string $pagelinkedto URI of the page linked to. */ $pagelinkedfrom = apply_filters( 'pingback_ping_source_uri', $pagelinkedfrom, $pagelinkedto ); if ( ! $pagelinkedfrom ) { return $this->pingback_error( 0, __( 'A valid URL was not provided.' ) ); } // Check if the page linked to is on our site. $pos1 = strpos( $pagelinkedto, str_replace( array( 'http://www.', 'http://', 'https://www.', 'https://' ), '', get_option( 'home' ) ) ); if ( ! $pos1 ) { return $this->pingback_error( 0, __( 'Is there no link to us?' ) ); } /* * Let's find which post is linked to. * FIXME: Does url_to_postid() cover all these cases already? * If so, then let's use it and drop the old code. */ $urltest = parse_url( $pagelinkedto ); $post_id = url_to_postid( $pagelinkedto ); if ( $post_id ) { // $way } elseif ( isset( $urltest['path'] ) && preg_match( '#p/[0-9]{1,}#', $urltest['path'], $match ) ) { // The path defines the post_ID (archives/p/XXXX). $blah = explode( '/', $match[0] ); $post_id = (int) $blah[1]; } elseif ( isset( $urltest['query'] ) && preg_match( '#p=[0-9]{1,}#', $urltest['query'], $match ) ) { // The query string defines the post_ID (?p=XXXX). $blah = explode( '=', $match[0] ); $post_id = (int) $blah[1]; } elseif ( isset( $urltest['fragment'] ) ) { // An #anchor is there, it's either... if ( (int) $urltest['fragment'] ) { // ...an integer #XXXX (simplest case), $post_id = (int) $urltest['fragment']; } elseif ( preg_match( '/post-[0-9]+/', $urltest['fragment'] ) ) { // ...a post ID in the form 'post-###', $post_id = preg_replace( '/[^0-9]+/', '', $urltest['fragment'] ); } elseif ( is_string( $urltest['fragment'] ) ) { // ...or a string #title, a little more complicated. $title = preg_replace( '/[^a-z0-9]/i', '.', $urltest['fragment'] ); $sql = $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title ); $post_id = $wpdb->get_var( $sql ); if ( ! $post_id ) { // Returning unknown error '0' is better than die()'ing. return $this->pingback_error( 0, '' ); } } } else { // TODO: Attempt to extract a post ID from the given URL. return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) ); } $post_id = (int) $post_id; $post = get_post( $post_id ); if ( ! $post ) { // Post not found. return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) ); } if ( url_to_postid( $pagelinkedfrom ) === $post_id ) { return $this->pingback_error( 0, __( 'The source URL and the target URL cannot both point to the same resource.' ) ); } // Check if pings are on. if ( ! pings_open( $post ) ) { return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) ); } // Let's check that the remote site didn't already pingback this entry. if ( $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_id, $pagelinkedfrom ) ) ) { return $this->pingback_error( 48, __( 'The pingback has already been registered.' ) ); } /* * The remote site may have sent the pingback before it finished publishing its own content * containing this pingback URL. If that happens then it won't be immediately possible to fetch * the pinging post; adding a small delay reduces the likelihood of this happening. * * While there are more robust methods than calling `sleep()` here (because `sleep()` merely * mitigates the risk of requesting the remote post before it's available), this is effective * enough for most cases and avoids introducing more complexity into this code. * * One way to improve the reliability of this code might be to add failure-handling to the remote * fetch and retry up to a set number of times if it receives a 404. This could also handle 401 and * 403 responses to differentiate the "does not exist" failure from the "may not access" failure. */ sleep( 1 ); $remote_ip = preg_replace( '/[^0-9a-fA-F:., ]/', '', $_SERVER['REMOTE_ADDR'] ); /** This filter is documented in wp-includes/class-wp-http.php */ $user_agent = apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ), $pagelinkedfrom ); // Let's check the remote site. $http_api_args = array( 'timeout' => 10, 'redirection' => 0, 'limit_response_size' => 153600, // 150 KB 'user-agent' => "$user_agent; verifying pingback from $remote_ip", 'headers' => array( 'X-Pingback-Forwarded-For' => $remote_ip, ), ); $request = wp_safe_remote_get( $pagelinkedfrom, $http_api_args ); $remote_source = wp_remote_retrieve_body( $request ); $remote_source_original = $remote_source; if ( ! $remote_source ) { return $this->pingback_error( 16, __( 'The source URL does not exist.' ) ); } /** * Filters the pingback remote source. * * @since 2.5.0 * * @param string $remote_source Response source for the page linked from. * @param string $pagelinkedto URL of the page linked to. */ $remote_source = apply_filters( 'pre_remote_source', $remote_source, $pagelinkedto ); // Work around bug in strip_tags(): $remote_source = str_replace( '<!DOC', '<DOC', $remote_source ); $remote_source = preg_replace( '/[\r\n\t ]+/', ' ', $remote_source ); // normalize spaces $remote_source = preg_replace( '/<\/*(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/', "\n\n", $remote_source ); preg_match( '|<title>([^<]*?)</title>|is', $remote_source, $matchtitle ); $title = isset( $matchtitle[1] ) ? $matchtitle[1] : ''; if ( empty( $title ) ) { return $this->pingback_error( 32, __( 'A title on that page cannot be found.' ) ); } // Remove all script and style tags including their content. $remote_source = preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $remote_source ); // Just keep the tag we need. $remote_source = strip_tags( $remote_source, '<a>' ); $p = explode( "\n\n", $remote_source ); $preg_target = preg_quote( $pagelinkedto, '|' ); foreach ( $p as $para ) { if ( str_contains( $para, $pagelinkedto ) ) { // It exists, but is it a link? preg_match( '|<a[^>]+?' . $preg_target . '[^>]*>([^>]+?)</a>|', $para, $context ); // If the URL isn't in a link context, keep looking. if ( empty( $context ) ) { continue; } /* * We're going to use this fake tag to mark the context in a bit. * The marker is needed in case the link text appears more than once in the paragraph. */ $excerpt = preg_replace( '|\</?wpcontext\>|', '', $para ); // prevent really long link text if ( strlen( $context[1] ) > 100 ) { $context[1] = substr( $context[1], 0, 100 ) . '…'; } $marker = '<wpcontext>' . $context[1] . '</wpcontext>'; // Set up our marker. $excerpt = str_replace( $context[0], $marker, $excerpt ); // Swap out the link for our marker. $excerpt = strip_tags( $excerpt, '<wpcontext>' ); // Strip all tags but our context marker. $excerpt = trim( $excerpt ); $preg_marker = preg_quote( $marker, '|' ); $excerpt = preg_replace( "|.*?\s(.{0,100}$preg_marker.{0,100})\s.*|s", '$1', $excerpt ); $excerpt = strip_tags( $excerpt ); // YES, again, to remove the marker wrapper. break; } } if ( empty( $context ) ) { // Link to target not found. return $this->pingback_error( 17, __( 'The source URL does not contain a link to the target URL, and so cannot be used as a source.' ) ); } $pagelinkedfrom = str_replace( '&', '&', $pagelinkedfrom ); $context = '[…] ' . esc_html( $excerpt ) . ' […]'; $pagelinkedfrom = $this->escape( $pagelinkedfrom ); $comment_post_id = (int) $post_id; $comment_author = $title; $comment_author_email = ''; $this->escape( $comment_author ); $comment_author_url = $pagelinkedfrom; $comment_content = $context; $this->escape( $comment_content ); $comment_type = 'pingback'; $commentdata = array( 'comment_post_ID' => $comment_post_id, ); $commentdata += compact( 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_content', 'comment_type', 'remote_source', 'remote_source_original' ); $comment_id = wp_new_comment( $commentdata ); if ( is_wp_error( $comment_id ) ) { return $this->pingback_error( 0, $comment_id->get_error_message() ); } /** * Fires after a post pingback has been sent. * * @since 0.71 * * @param int $comment_id Comment ID. */ do_action( 'pingback_post', $comment_id ); /* translators: 1: URL of the page linked from, 2: URL of the page linked to. */ return sprintf( __( 'Pingback from %1$s to %2$s registered. Keep the web talking! :-)' ), $pagelinkedfrom, $pagelinkedto ); } /** * Retrieves an array of URLs that pingbacked the given URL. * * Specs on http://www.aquarionics.com/misc/archives/blogite/0198.html * * @since 1.5.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $url * @return array|IXR_Error */ public function pingback_extensions_getPingbacks( $url ) { global $wpdb; /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'pingback.extensions.getPingbacks', $url, $this ); $url = $this->escape( $url ); $post_id = url_to_postid( $url ); if ( ! $post_id ) { // We aren't sure that the resource is available and/or pingback enabled. return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) ); } $actual_post = get_post( $post_id, ARRAY_A ); if ( ! $actual_post ) { // No such post = resource not found. return $this->pingback_error( 32, __( 'The specified target URL does not exist.' ) ); } $comments = $wpdb->get_results( $wpdb->prepare( "SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_id ) ); if ( ! $comments ) { return array(); } $pingbacks = array(); foreach ( $comments as $comment ) { if ( 'pingback' === $comment->comment_type ) { $pingbacks[] = $comment->comment_author_url; } } return $pingbacks; } /** * Sends a pingback error based on the given error code and message. * * @since 3.6.0 * * @param int $code Error code. * @param string $message Error message. * @return IXR_Error Error object. */ protected function pingback_error( $code, $message ) { /** * Filters the XML-RPC pingback error return. * * @since 3.5.1 * * @param IXR_Error $error An IXR_Error object containing the error code and message. */ return apply_filters( 'xmlrpc_pingback_error', new IXR_Error( $code, $message ) ); } } feed-atom-comments.php 0000666 00000012600 15225074365 0010755 0 ustar 00 <?php /** * Atom Feed Template for displaying Atom Comments feed. * * @package WordPress */ header( 'Content-Type: ' . feed_content_type( 'atom' ) . '; charset=' . get_option( 'blog_charset' ), true ); echo '<?xml version="1.0" encoding="' . get_option( 'blog_charset' ) . '" ?' . '>'; /** This action is documented in wp-includes/feed-rss2.php */ do_action( 'rss_tag_pre', 'atom-comments' ); ?> <feed xmlns="http://www.w3.org/2005/Atom" xml:lang="<?php bloginfo_rss( 'language' ); ?>" xmlns:thr="http://purl.org/syndication/thread/1.0" <?php /** This action is documented in wp-includes/feed-atom.php */ do_action( 'atom_ns' ); /** * Fires inside the feed tag in the Atom comment feed. * * @since 2.8.0 */ do_action( 'atom_comments_ns' ); ?> > <title type="text"> <?php if ( is_singular() ) { /* translators: Comments feed title. %s: Post title. */ printf( ent2ncr( __( 'Comments on %s' ) ), get_the_title_rss() ); } elseif ( is_search() ) { /* translators: Comments feed title. 1: Site title, 2: Search query. */ printf( ent2ncr( __( 'Comments for %1$s searching on %2$s' ) ), get_bloginfo_rss( 'name' ), get_search_query() ); } else { /* translators: Comments feed title. %s: Site title. */ printf( ent2ncr( __( 'Comments for %s' ) ), get_wp_title_rss() ); } ?> </title> <subtitle type="text"><?php bloginfo_rss( 'description' ); ?></subtitle> <updated><?php echo get_feed_build_date( 'Y-m-d\TH:i:s\Z' ); ?></updated> <?php if ( is_singular() ) : ?> <link rel="alternate" type="<?php bloginfo_rss( 'html_type' ); ?>" href="<?php comments_link_feed(); ?>" /> <link rel="self" type="application/atom+xml" href="<?php echo esc_url( get_post_comments_feed_link( '', 'atom' ) ); ?>" /> <id><?php echo esc_url( get_post_comments_feed_link( '', 'atom' ) ); ?></id> <?php elseif ( is_search() ) : ?> <link rel="alternate" type="<?php bloginfo_rss( 'html_type' ); ?>" href="<?php echo home_url() . '?s=' . get_search_query(); ?>" /> <link rel="self" type="application/atom+xml" href="<?php echo get_search_comments_feed_link( '', 'atom' ); ?>" /> <id><?php echo get_search_comments_feed_link( '', 'atom' ); ?></id> <?php else : ?> <link rel="alternate" type="<?php bloginfo_rss( 'html_type' ); ?>" href="<?php bloginfo_rss( 'url' ); ?>" /> <link rel="self" type="application/atom+xml" href="<?php bloginfo_rss( 'comments_atom_url' ); ?>" /> <id><?php bloginfo_rss( 'comments_atom_url' ); ?></id> <?php endif; ?> <?php /** * Fires at the end of the Atom comment feed header. * * @since 2.8.0 */ do_action( 'comments_atom_head' ); ?> <?php while ( have_comments() ) : the_comment(); $comment_post = get_post( $comment->comment_post_ID ); /** * @global WP_Post $post Global post object. */ $GLOBALS['post'] = $comment_post; ?> <entry> <title> <?php if ( ! is_singular() ) { $title = get_the_title( $comment_post->ID ); /** This filter is documented in wp-includes/feed.php */ $title = apply_filters( 'the_title_rss', $title ); /* translators: Individual comment title. 1: Post title, 2: Comment author name. */ printf( ent2ncr( __( 'Comment on %1$s by %2$s' ) ), $title, get_comment_author_rss() ); } else { /* translators: Comment author title. %s: Comment author name. */ printf( ent2ncr( __( 'By: %s' ) ), get_comment_author_rss() ); } ?> </title> <link rel="alternate" href="<?php comment_link(); ?>" type="<?php bloginfo_rss( 'html_type' ); ?>" /> <author> <name><?php comment_author_rss(); ?></name> <?php if ( get_comment_author_url() ) { echo '<uri>' . get_comment_author_url() . '</uri>'; } ?> </author> <id><?php comment_guid(); ?></id> <updated><?php echo mysql2date( 'Y-m-d\TH:i:s\Z', get_comment_time( 'Y-m-d H:i:s', true, false ), false ); ?></updated> <published><?php echo mysql2date( 'Y-m-d\TH:i:s\Z', get_comment_time( 'Y-m-d H:i:s', true, false ), false ); ?></published> <?php if ( post_password_required( $comment_post ) ) : ?> <content type="html" xml:base="<?php comment_link(); ?>"><![CDATA[<?php echo get_the_password_form(); ?>]]></content> <?php else : ?> <content type="html" xml:base="<?php comment_link(); ?>"><![CDATA[<?php comment_text(); ?>]]></content> <?php endif; // End if post_password_required(). ?> <?php // Return comment threading information (https://www.ietf.org/rfc/rfc4685.txt). if ( '0' === $comment->comment_parent ) : // This comment is top-level. ?> <thr:in-reply-to ref="<?php the_guid(); ?>" href="<?php the_permalink_rss(); ?>" type="<?php bloginfo_rss( 'html_type' ); ?>" /> <?php else : // This comment is in reply to another comment. $parent_comment = get_comment( $comment->comment_parent ); /* * The rel attribute below and the id tag above should be GUIDs, * but WP doesn't create them for comments (unlike posts). * Either way, it's more important that they both use the same system. */ ?> <thr:in-reply-to ref="<?php comment_guid( $parent_comment ); ?>" href="<?php echo get_comment_link( $parent_comment ); ?>" type="<?php bloginfo_rss( 'html_type' ); ?>" /> <?php endif; /** * Fires at the end of each Atom comment feed item. * * @since 2.2.0 * * @param int $comment_id ID of the current comment. * @param int $comment_post_id ID of the post the current comment is connected to. */ do_action( 'comment_atom_entry', $comment->comment_ID, $comment_post->ID ); ?> </entry> <?php endwhile; ?> </feed> https-detection-20260614090608.php 0000666 00000013341 15225074365 0012003 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605103841.php 0000666 00000013341 15225074365 0011775 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-user.php 0000666 00000055004 15225074365 0010003 0 ustar 00 <?php /** * User API: WP_User class * * @package WordPress * @subpackage Users * @since 4.4.0 */ /** * Core class used to implement the WP_User object. * * @since 2.0.0 * @since 6.8.0 The `user_pass` property is now hashed using bcrypt by default instead of phpass. * Existing passwords may still be hashed using phpass. * * @property string $nickname * @property string $description * @property string $user_description * @property string $first_name * @property string $user_firstname * @property string $last_name * @property string $user_lastname * @property string $user_login * @property string $user_pass * @property string $user_nicename * @property string $user_email * @property string $user_url * @property string $user_registered * @property string $user_activation_key * @property string $user_status * @property int $user_level * @property string $display_name * @property string $spam * @property string $deleted * @property string $locale * @property string $rich_editing * @property string $syntax_highlighting * @property string $use_ssl */ #[AllowDynamicProperties] class WP_User { /** * User data container. * * @since 2.0.0 * @var stdClass */ public $data; /** * The user's ID. * * @since 2.1.0 * @var int */ public $ID = 0; /** * Capabilities that the individual user has been granted outside of those inherited from their role. * * @since 2.0.0 * @var bool[] Array of key/value pairs where keys represent a capability name * and boolean values represent whether the user has that capability. */ public $caps = array(); /** * User metadata option name. * * @since 2.0.0 * @var string */ public $cap_key; /** * The roles the user is part of. * * @since 2.0.0 * @var string[] */ public $roles = array(); /** * All capabilities the user has, including individual and role based. * * @since 2.0.0 * @var bool[] Array of key/value pairs where keys represent a capability name * and boolean values represent whether the user has that capability. */ public $allcaps = array(); /** * The filter context applied to user data fields. * * @since 2.9.0 * @var string */ public $filter = null; /** * The site ID the capabilities of this user are initialized for. * * @since 4.9.0 * @var int */ private $site_id = 0; /** * @since 3.3.0 * @var array */ private static $back_compat_keys; /** * Constructor. * * Retrieves the userdata and passes it to WP_User::init(). * * @since 2.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int|string|stdClass|WP_User $id User's ID, a WP_User object, or a user object from the DB. * @param string $name Optional. User's username * @param int $site_id Optional Site ID, defaults to current site. */ public function __construct( $id = 0, $name = '', $site_id = 0 ) { global $wpdb; if ( ! isset( self::$back_compat_keys ) ) { $prefix = $wpdb->prefix; self::$back_compat_keys = array( 'user_firstname' => 'first_name', 'user_lastname' => 'last_name', 'user_description' => 'description', 'user_level' => $prefix . 'user_level', $prefix . 'usersettings' => $prefix . 'user-settings', $prefix . 'usersettingstime' => $prefix . 'user-settings-time', ); } if ( $id instanceof WP_User ) { $this->init( $id->data, $site_id ); return; } elseif ( is_object( $id ) ) { $this->init( $id, $site_id ); return; } if ( ! empty( $id ) && ! is_numeric( $id ) ) { $name = $id; $id = 0; } if ( $id ) { $data = self::get_data_by( 'id', $id ); } else { $data = self::get_data_by( 'login', $name ); } if ( $data ) { $this->init( $data, $site_id ); } else { $this->data = new stdClass(); } } /** * Sets up object properties, including capabilities. * * @since 3.3.0 * * @param object $data User DB row object. * @param int $site_id Optional. The site ID to initialize for. */ public function init( $data, $site_id = 0 ) { if ( ! isset( $data->ID ) ) { $data->ID = 0; } $this->data = $data; $this->ID = (int) $data->ID; $this->for_site( $site_id ); } /** * Returns only the main user fields. * * @since 3.3.0 * @since 4.4.0 Added 'ID' as an alias of 'id' for the `$field` parameter. * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $field The field to query against: Accepts 'id', 'ID', 'slug', 'email' or 'login'. * @param string|int $value The field value. * @return object|false Raw user object. */ public static function get_data_by( $field, $value ) { global $wpdb; // 'ID' is an alias of 'id'. if ( 'ID' === $field ) { $field = 'id'; } if ( 'id' === $field ) { // Make sure the value is numeric to avoid casting objects, for example, to int 1. if ( ! is_numeric( $value ) ) { return false; } $value = (int) $value; if ( $value < 1 ) { return false; } } else { $value = trim( $value ); } if ( ! $value ) { return false; } switch ( $field ) { case 'id': $user_id = $value; $db_field = 'ID'; break; case 'slug': $user_id = wp_cache_get( $value, 'userslugs' ); $db_field = 'user_nicename'; break; case 'email': $user_id = wp_cache_get( $value, 'useremail' ); $db_field = 'user_email'; break; case 'login': $value = sanitize_user( $value ); $user_id = wp_cache_get( $value, 'userlogins' ); $db_field = 'user_login'; break; default: return false; } if ( false !== $user_id ) { $user = wp_cache_get( $user_id, 'users' ); if ( $user ) { return $user; } } $user = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE $db_field = %s LIMIT 1", $value ) ); if ( ! $user ) { return false; } update_user_caches( $user ); return $user; } /** * Magic method for checking the existence of a certain custom field. * * @since 3.3.0 * * @param string $key User meta key to check if set. * @return bool Whether the given user meta key is set. */ public function __isset( $key ) { if ( 'id' === $key ) { _deprecated_argument( 'WP_User->id', '2.1.0', sprintf( /* translators: %s: WP_User->ID */ __( 'Use %s instead.' ), '<code>WP_User->ID</code>' ) ); $key = 'ID'; } if ( isset( $this->data->$key ) ) { return true; } if ( isset( self::$back_compat_keys[ $key ] ) ) { $key = self::$back_compat_keys[ $key ]; } return metadata_exists( 'user', $this->ID, $key ); } /** * Magic method for accessing custom fields. * * @since 3.3.0 * * @param string $key User meta key to retrieve. * @return mixed Value of the given user meta key (if set). If `$key` is 'id', the user ID. */ public function __get( $key ) { if ( 'id' === $key ) { _deprecated_argument( 'WP_User->id', '2.1.0', sprintf( /* translators: %s: WP_User->ID */ __( 'Use %s instead.' ), '<code>WP_User->ID</code>' ) ); return $this->ID; } if ( isset( $this->data->$key ) ) { $value = $this->data->$key; } else { if ( isset( self::$back_compat_keys[ $key ] ) ) { $key = self::$back_compat_keys[ $key ]; } $value = get_user_meta( $this->ID, $key, true ); } if ( $this->filter ) { $value = sanitize_user_field( $key, $value, $this->ID, $this->filter ); } return $value; } /** * Magic method for setting custom user fields. * * This method does not update custom fields in the database. It only stores * the value on the WP_User instance. * * @since 3.3.0 * * @param string $key User meta key. * @param mixed $value User meta value. */ public function __set( $key, $value ) { if ( 'id' === $key ) { _deprecated_argument( 'WP_User->id', '2.1.0', sprintf( /* translators: %s: WP_User->ID */ __( 'Use %s instead.' ), '<code>WP_User->ID</code>' ) ); $this->ID = $value; return; } $this->data->$key = $value; } /** * Magic method for unsetting a certain custom field. * * @since 4.4.0 * * @param string $key User meta key to unset. */ public function __unset( $key ) { if ( 'id' === $key ) { _deprecated_argument( 'WP_User->id', '2.1.0', sprintf( /* translators: %s: WP_User->ID */ __( 'Use %s instead.' ), '<code>WP_User->ID</code>' ) ); } if ( isset( $this->data->$key ) ) { unset( $this->data->$key ); } if ( isset( self::$back_compat_keys[ $key ] ) ) { unset( self::$back_compat_keys[ $key ] ); } } /** * Determines whether the user exists in the database. * * @since 3.4.0 * * @return bool True if user exists in the database, false if not. */ public function exists() { return ! empty( $this->ID ); } /** * Retrieves the value of a property or meta key. * * Retrieves from the users and usermeta table. * * @since 3.3.0 * * @param string $key Property * @return mixed */ public function get( $key ) { return $this->__get( $key ); } /** * Determines whether a property or meta key is set. * * Consults the users and usermeta tables. * * @since 3.3.0 * * @param string $key Property. * @return bool */ public function has_prop( $key ) { return $this->__isset( $key ); } /** * Returns an array representation. * * @since 3.5.0 * * @return array Array representation. */ public function to_array() { return get_object_vars( $this->data ); } /** * Makes private/protected methods readable for backward compatibility. * * @since 4.3.0 * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return mixed|false Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( '_init_caps' === $name ) { return $this->_init_caps( ...$arguments ); } return false; } /** * Sets up capability object properties. * * Will set the value for the 'cap_key' property to current database table * prefix, followed by 'capabilities'. Will then check to see if the * property matching the 'cap_key' exists and is an array. If so, it will be * used. * * @since 2.1.0 * @deprecated 4.9.0 Use WP_User::for_site() * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $cap_key Optional capability key */ protected function _init_caps( $cap_key = '' ) { global $wpdb; _deprecated_function( __METHOD__, '4.9.0', 'WP_User::for_site()' ); if ( empty( $cap_key ) ) { $this->cap_key = $wpdb->get_blog_prefix( $this->site_id ) . 'capabilities'; } else { $this->cap_key = $cap_key; } $this->caps = $this->get_caps_data(); $this->get_role_caps(); } /** * Retrieves all of the capabilities of the user's roles, and merges them with * individual user capabilities. * * All of the capabilities of the user's roles are merged with the user's individual * capabilities. This means that the user can be denied specific capabilities that * their role might have, but the user is specifically denied. * * @since 2.0.0 * * @return bool[] Array of key/value pairs where keys represent a capability name * and boolean values represent whether the user has that capability. */ public function get_role_caps() { $switch_site = false; if ( is_multisite() && get_current_blog_id() !== $this->site_id ) { $switch_site = true; switch_to_blog( $this->site_id ); } $wp_roles = wp_roles(); // Select caps that are role names and assign to $this->roles. if ( is_array( $this->caps ) ) { $this->roles = array(); foreach ( $this->caps as $key => $value ) { if ( $wp_roles->is_role( $key ) ) { $this->roles[] = $key; } } } // Build $allcaps from role caps, overlay user's $caps. $this->allcaps = array(); foreach ( (array) $this->roles as $role ) { $the_role = $wp_roles->get_role( $role ); $this->allcaps = array_merge( (array) $this->allcaps, (array) $the_role->capabilities ); } $this->allcaps = array_merge( (array) $this->allcaps, (array) $this->caps ); if ( $switch_site ) { restore_current_blog(); } return $this->allcaps; } /** * Adds role to user. * * Updates the user's meta data option with capabilities and roles. * * @since 2.0.0 * * @param string $role Role name. */ public function add_role( $role ) { if ( empty( $role ) ) { return; } if ( in_array( $role, $this->roles, true ) ) { return; } $this->caps[ $role ] = true; update_user_meta( $this->ID, $this->cap_key, $this->caps ); $this->get_role_caps(); $this->update_user_level_from_caps(); /** * Fires immediately after the user has been given a new role. * * @since 4.3.0 * * @param int $user_id The user ID. * @param string $role The new role. */ do_action( 'add_user_role', $this->ID, $role ); } /** * Removes role from user. * * @since 2.0.0 * * @param string $role Role name. */ public function remove_role( $role ) { if ( ! in_array( $role, $this->roles, true ) ) { return; } unset( $this->caps[ $role ] ); update_user_meta( $this->ID, $this->cap_key, $this->caps ); $this->get_role_caps(); $this->update_user_level_from_caps(); /** * Fires immediately after a role as been removed from a user. * * @since 4.3.0 * * @param int $user_id The user ID. * @param string $role The removed role. */ do_action( 'remove_user_role', $this->ID, $role ); } /** * Sets the role of the user. * * This will remove the previous roles of the user and assign the user the * new one. You can set the role to an empty string and it will remove all * of the roles from the user. * * @since 2.0.0 * * @param string $role Role name. */ public function set_role( $role ) { if ( 1 === count( $this->roles ) && current( $this->roles ) === $role ) { return; } foreach ( (array) $this->roles as $oldrole ) { unset( $this->caps[ $oldrole ] ); } $old_roles = $this->roles; if ( ! empty( $role ) ) { $this->caps[ $role ] = true; $this->roles = array( $role => true ); } else { $this->roles = array(); } update_user_meta( $this->ID, $this->cap_key, $this->caps ); $this->get_role_caps(); $this->update_user_level_from_caps(); foreach ( $old_roles as $old_role ) { if ( ! $old_role || $old_role === $role ) { continue; } /** This action is documented in wp-includes/class-wp-user.php */ do_action( 'remove_user_role', $this->ID, $old_role ); } if ( $role && ! in_array( $role, $old_roles, true ) ) { /** This action is documented in wp-includes/class-wp-user.php */ do_action( 'add_user_role', $this->ID, $role ); } /** * Fires after the user's role has changed. * * @since 2.9.0 * @since 3.6.0 Added $old_roles to include an array of the user's previous roles. * * @param int $user_id The user ID. * @param string $role The new role. * @param string[] $old_roles An array of the user's previous roles. */ do_action( 'set_user_role', $this->ID, $role, $old_roles ); } /** * Chooses the maximum level the user has. * * Will compare the level from the $item parameter against the $max * parameter. If the item is incorrect, then just the $max parameter value * will be returned. * * Used to get the max level based on the capabilities the user has. This * is also based on roles, so if the user is assigned the Administrator role * then the capability 'level_10' will exist and the user will get that * value. * * @since 2.0.0 * * @param int $max Max level of user. * @param string $item Level capability name. * @return int Max Level. */ public function level_reduction( $max, $item ) { if ( preg_match( '/^level_(10|[0-9])$/i', $item, $matches ) ) { $level = (int) $matches[1]; return max( $max, $level ); } else { return $max; } } /** * Updates the maximum user level for the user. * * Updates the 'user_level' user metadata (includes prefix that is the * database table prefix) with the maximum user level. Gets the value from * the all of the capabilities that the user has. * * @since 2.0.0 * * @global wpdb $wpdb WordPress database abstraction object. */ public function update_user_level_from_caps() { global $wpdb; $this->user_level = array_reduce( array_keys( $this->allcaps ), array( $this, 'level_reduction' ), 0 ); update_user_meta( $this->ID, $wpdb->get_blog_prefix() . 'user_level', $this->user_level ); } /** * Adds capability and grant or deny access to capability. * * @since 2.0.0 * * @param string $cap Capability name. * @param bool $grant Whether to grant capability to user. */ public function add_cap( $cap, $grant = true ) { $this->caps[ $cap ] = $grant; update_user_meta( $this->ID, $this->cap_key, $this->caps ); $this->get_role_caps(); $this->update_user_level_from_caps(); } /** * Removes capability from user. * * @since 2.0.0 * * @param string $cap Capability name. */ public function remove_cap( $cap ) { if ( ! isset( $this->caps[ $cap ] ) ) { return; } unset( $this->caps[ $cap ] ); update_user_meta( $this->ID, $this->cap_key, $this->caps ); $this->get_role_caps(); $this->update_user_level_from_caps(); } /** * Removes all of the capabilities of the user. * * @since 2.1.0 * * @global wpdb $wpdb WordPress database abstraction object. */ public function remove_all_caps() { global $wpdb; $this->caps = array(); delete_user_meta( $this->ID, $this->cap_key ); delete_user_meta( $this->ID, $wpdb->get_blog_prefix() . 'user_level' ); $this->get_role_caps(); } /** * Returns whether the user has the specified capability. * * This function also accepts an ID of an object to check against if the capability is a meta capability. Meta * capabilities such as `edit_post` and `edit_user` are capabilities used by the `map_meta_cap()` function to * map to primitive capabilities that a user or role has, such as `edit_posts` and `edit_others_posts`. * * Example usage: * * $user->has_cap( 'edit_posts' ); * $user->has_cap( 'edit_post', $post->ID ); * $user->has_cap( 'edit_post_meta', $post->ID, $meta_key ); * * While checking against a role in place of a capability is supported in part, this practice is discouraged as it * may produce unreliable results. * * @since 2.0.0 * @since 5.3.0 Formalized the existing and already documented `...$args` parameter * by adding it to the function signature. * * @see map_meta_cap() * * @param string $cap Capability name. * @param mixed ...$args Optional further parameters, typically starting with an object ID. * @return bool Whether the user has the given capability, or, if an object ID is passed, whether the user has * the given capability for that object. */ public function has_cap( $cap, ...$args ) { if ( is_numeric( $cap ) ) { _deprecated_argument( __FUNCTION__, '2.0.0', __( 'Usage of user levels is deprecated. Use capabilities instead.' ) ); $cap = $this->translate_level_to_cap( $cap ); } $caps = map_meta_cap( $cap, $this->ID, ...$args ); // Multisite super admin has all caps by definition, Unless specifically denied. if ( is_multisite() && is_super_admin( $this->ID ) ) { if ( in_array( 'do_not_allow', $caps, true ) ) { return false; } return true; } // Maintain BC for the argument passed to the "user_has_cap" filter. $args = array_merge( array( $cap, $this->ID ), $args ); /** * Dynamically filter a user's capabilities. * * @since 2.0.0 * @since 3.7.0 Added the `$user` parameter. * * @param bool[] $allcaps Array of key/value pairs where keys represent a capability name * and boolean values represent whether the user has that capability. * @param string[] $caps Required primitive capabilities for the requested capability. * @param array $args { * Arguments that accompany the requested capability check. * * @type string $0 Requested capability. * @type int $1 Concerned user ID. * @type mixed ...$2 Optional second and further parameters, typically object ID. * } * @param WP_User $user The user object. */ $capabilities = apply_filters( 'user_has_cap', $this->allcaps, $caps, $args, $this ); // Everyone is allowed to exist. $capabilities['exist'] = true; // Nobody is allowed to do things they are not allowed to do. unset( $capabilities['do_not_allow'] ); // Must have ALL requested caps. foreach ( (array) $caps as $cap ) { if ( empty( $capabilities[ $cap ] ) ) { return false; } } return true; } /** * Converts numeric level to level capability name. * * Prepends 'level_' to level number. * * @since 2.0.0 * * @param int $level Level number, 1 to 10. * @return string */ public function translate_level_to_cap( $level ) { return 'level_' . $level; } /** * Sets the site to operate on. Defaults to the current site. * * @since 3.0.0 * @deprecated 4.9.0 Use WP_User::for_site() * * @param int $blog_id Optional. Site ID, defaults to current site. */ public function for_blog( $blog_id = 0 ) { _deprecated_function( __METHOD__, '4.9.0', 'WP_User::for_site()' ); $this->for_site( $blog_id ); } /** * Sets the site to operate on. Defaults to the current site. * * @since 4.9.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $site_id Site ID to initialize user capabilities for. Default is the current site. */ public function for_site( $site_id = 0 ) { global $wpdb; if ( ! empty( $site_id ) ) { $this->site_id = absint( $site_id ); } else { $this->site_id = get_current_blog_id(); } $this->cap_key = $wpdb->get_blog_prefix( $this->site_id ) . 'capabilities'; $this->caps = $this->get_caps_data(); $this->get_role_caps(); } /** * Gets the ID of the site for which the user's capabilities are currently initialized. * * @since 4.9.0 * * @return int Site ID. */ public function get_site_id() { return $this->site_id; } /** * Gets the available user capabilities data. * * @since 4.9.0 * * @return bool[] List of capabilities keyed by the capability name, * e.g. `array( 'edit_posts' => true, 'delete_posts' => false )`. */ private function get_caps_data() { $caps = get_user_meta( $this->ID, $this->cap_key, true ); if ( ! is_array( $caps ) ) { return array(); } return $caps; } } class-wp-query.php 0000666 00000477640 15225074365 0010210 0 ustar 00 <?php /** * Query API: WP_Query class * * @package WordPress * @subpackage Query * @since 4.7.0 */ /** * The WordPress Query class. * * @link https://developer.wordpress.org/reference/classes/wp_query/ * * @since 1.5.0 * @since 4.5.0 Removed the `$comments_popup` property. */ #[AllowDynamicProperties] class WP_Query { /** * Query vars set by the user. * * @since 1.5.0 * @var array */ public $query; /** * Query vars, after parsing. * * @since 1.5.0 * @var array */ public $query_vars = array(); /** * Taxonomy query, as passed to get_tax_sql(). * * @since 3.1.0 * @var WP_Tax_Query|null A taxonomy query instance. */ public $tax_query; /** * Metadata query container. * * @since 3.2.0 * @var WP_Meta_Query A meta query instance. */ public $meta_query = false; /** * Date query container. * * @since 3.7.0 * @var WP_Date_Query A date query instance. */ public $date_query = false; /** * Holds the data for a single object that is queried. * * Holds the contents of a post, page, category, attachment. * * @since 1.5.0 * @var WP_Term|WP_Post_Type|WP_Post|WP_User|null */ public $queried_object; /** * The ID of the queried object. * * @since 1.5.0 * @var int */ public $queried_object_id; /** * SQL for the database query. * * @since 2.0.1 * @var string */ public $request; /** * Array of post objects or post IDs. * * @since 1.5.0 * @var WP_Post[]|int[] */ public $posts; /** * The number of posts for the current query. * * @since 1.5.0 * @var int */ public $post_count = 0; /** * Index of the current item in the loop. * * @since 1.5.0 * @var int */ public $current_post = -1; /** * Whether the caller is before the loop. * * @since 6.3.0 * @var bool */ public $before_loop = true; /** * Whether the loop has started and the caller is in the loop. * * @since 2.0.0 * @var bool */ public $in_the_loop = false; /** * The current post. * * This property does not get populated when the `fields` argument is set to * `ids` or `id=>parent`. * * @since 1.5.0 * @var WP_Post|null */ public $post; /** * The list of comments for current post. * * @since 2.2.0 * @var WP_Comment[] */ public $comments; /** * The number of comments for the posts. * * @since 2.2.0 * @var int */ public $comment_count = 0; /** * The index of the comment in the comment loop. * * @since 2.2.0 * @var int */ public $current_comment = -1; /** * Current comment object. * * @since 2.2.0 * @var WP_Comment */ public $comment; /** * The number of found posts for the current query. * * If limit clause was not used, equals $post_count. * * @since 2.1.0 * @var int */ public $found_posts = 0; /** * The number of pages. * * @since 2.1.0 * @var int */ public $max_num_pages = 0; /** * The number of comment pages. * * @since 2.7.0 * @var int */ public $max_num_comment_pages = 0; /** * Signifies whether the current query is for a single post. * * @since 1.5.0 * @var bool */ public $is_single = false; /** * Signifies whether the current query is for a preview. * * @since 2.0.0 * @var bool */ public $is_preview = false; /** * Signifies whether the current query is for a page. * * @since 1.5.0 * @var bool */ public $is_page = false; /** * Signifies whether the current query is for an archive. * * @since 1.5.0 * @var bool */ public $is_archive = false; /** * Signifies whether the current query is for a date archive. * * @since 1.5.0 * @var bool */ public $is_date = false; /** * Signifies whether the current query is for a year archive. * * @since 1.5.0 * @var bool */ public $is_year = false; /** * Signifies whether the current query is for a month archive. * * @since 1.5.0 * @var bool */ public $is_month = false; /** * Signifies whether the current query is for a day archive. * * @since 1.5.0 * @var bool */ public $is_day = false; /** * Signifies whether the current query is for a specific time. * * @since 1.5.0 * @var bool */ public $is_time = false; /** * Signifies whether the current query is for an author archive. * * @since 1.5.0 * @var bool */ public $is_author = false; /** * Signifies whether the current query is for a category archive. * * @since 1.5.0 * @var bool */ public $is_category = false; /** * Signifies whether the current query is for a tag archive. * * @since 2.3.0 * @var bool */ public $is_tag = false; /** * Signifies whether the current query is for a taxonomy archive. * * @since 2.5.0 * @var bool */ public $is_tax = false; /** * Signifies whether the current query is for a search. * * @since 1.5.0 * @var bool */ public $is_search = false; /** * Signifies whether the current query is for a feed. * * @since 1.5.0 * @var bool */ public $is_feed = false; /** * Signifies whether the current query is for a comment feed. * * @since 2.2.0 * @var bool */ public $is_comment_feed = false; /** * Signifies whether the current query is for trackback endpoint call. * * @since 1.5.0 * @var bool */ public $is_trackback = false; /** * Signifies whether the current query is for the site homepage. * * @since 1.5.0 * @var bool */ public $is_home = false; /** * Signifies whether the current query is for the Privacy Policy page. * * @since 5.2.0 * @var bool */ public $is_privacy_policy = false; /** * Signifies whether the current query couldn't find anything. * * @since 1.5.0 * @var bool */ public $is_404 = false; /** * Signifies whether the current query is for an embed. * * @since 4.4.0 * @var bool */ public $is_embed = false; /** * Signifies whether the current query is for a paged result and not for the first page. * * @since 1.5.0 * @var bool */ public $is_paged = false; /** * Signifies whether the current query is for an administrative interface page. * * @since 1.5.0 * @var bool */ public $is_admin = false; /** * Signifies whether the current query is for an attachment page. * * @since 2.0.0 * @var bool */ public $is_attachment = false; /** * Signifies whether the current query is for an existing single post of any post type * (post, attachment, page, custom post types). * * @since 2.1.0 * @var bool */ public $is_singular = false; /** * Signifies whether the current query is for the robots.txt file. * * @since 2.1.0 * @var bool */ public $is_robots = false; /** * Signifies whether the current query is for the favicon.ico file. * * @since 5.4.0 * @var bool */ public $is_favicon = false; /** * Signifies whether the current query is for the page_for_posts page. * * Basically, the homepage if the option isn't set for the static homepage. * * @since 2.1.0 * @var bool */ public $is_posts_page = false; /** * Signifies whether the current query is for a post type archive. * * @since 3.1.0 * @var bool */ public $is_post_type_archive = false; /** * Stores the ->query_vars state like md5(serialize( $this->query_vars ) ) so we know * whether we have to re-parse because something has changed * * @since 3.1.0 * @var bool|string */ private $query_vars_hash = false; /** * Whether query vars have changed since the initial parse_query() call. Used to catch modifications to query vars made * via pre_get_posts hooks. * * @since 3.1.1 * @var bool */ private $query_vars_changed = true; /** * Set if post thumbnails are cached * * @since 3.2.0 * @var bool */ public $thumbnails_cached = false; /** * Controls whether an attachment query should include filenames or not. * * @since 6.0.3 * @var bool */ protected $allow_query_attachment_by_filename = false; /** * Cached list of search stopwords. * * @since 3.7.0 * @var array */ private $stopwords; private $compat_fields = array( 'query_vars_hash', 'query_vars_changed' ); private $compat_methods = array( 'init_query_flags', 'parse_tax_query' ); /** * The cache key generated by the query. * * The cache key is generated by the method ::generate_cache_key() after the * query has been normalized. * * @since 6.8.0 * @var string */ private $query_cache_key = ''; /** * Resets query flags to false. * * The query flags are what page info WordPress was able to figure out. * * @since 2.0.0 */ private function init_query_flags() { $this->is_single = false; $this->is_preview = false; $this->is_page = false; $this->is_archive = false; $this->is_date = false; $this->is_year = false; $this->is_month = false; $this->is_day = false; $this->is_time = false; $this->is_author = false; $this->is_category = false; $this->is_tag = false; $this->is_tax = false; $this->is_search = false; $this->is_feed = false; $this->is_comment_feed = false; $this->is_trackback = false; $this->is_home = false; $this->is_privacy_policy = false; $this->is_404 = false; $this->is_paged = false; $this->is_admin = false; $this->is_attachment = false; $this->is_singular = false; $this->is_robots = false; $this->is_favicon = false; $this->is_posts_page = false; $this->is_post_type_archive = false; } /** * Initiates object properties and sets default values. * * @since 1.5.0 */ public function init() { unset( $this->posts ); unset( $this->query ); $this->query_vars = array(); unset( $this->queried_object ); unset( $this->queried_object_id ); $this->post_count = 0; $this->current_post = -1; $this->in_the_loop = false; $this->before_loop = true; unset( $this->request ); unset( $this->post ); unset( $this->comments ); unset( $this->comment ); $this->comment_count = 0; $this->current_comment = -1; $this->found_posts = 0; $this->max_num_pages = 0; $this->max_num_comment_pages = 0; $this->init_query_flags(); } /** * Reparses the query vars. * * @since 1.5.0 */ public function parse_query_vars() { $this->parse_query(); } /** * Fills in the query variables, which do not exist within the parameter. * * @since 2.1.0 * @since 4.5.0 Removed the `comments_popup` public query variable. * * @param array $query_vars Defined query variables. * @return array Complete query variables with undefined ones filled in empty. */ public function fill_query_vars( $query_vars ) { $keys = array( 'error', 'm', 'p', 'post_parent', 'subpost', 'subpost_id', 'attachment', 'attachment_id', 'name', 'pagename', 'page_id', 'second', 'minute', 'hour', 'day', 'monthnum', 'year', 'w', 'category_name', 'tag', 'cat', 'tag_id', 'author', 'author_name', 'feed', 'tb', 'paged', 'meta_key', 'meta_value', 'preview', 's', 'sentence', 'title', 'fields', 'menu_order', 'embed', ); foreach ( $keys as $key ) { if ( ! isset( $query_vars[ $key ] ) ) { $query_vars[ $key ] = ''; } } $array_keys = array( 'category__in', 'category__not_in', 'category__and', 'post__in', 'post__not_in', 'post_name__in', 'tag__in', 'tag__not_in', 'tag__and', 'tag_slug__in', 'tag_slug__and', 'post_parent__in', 'post_parent__not_in', 'author__in', 'author__not_in', 'search_columns', ); foreach ( $array_keys as $key ) { if ( ! isset( $query_vars[ $key ] ) ) { $query_vars[ $key ] = array(); } } return $query_vars; } /** * Parses a query string and sets query type booleans. * * @since 1.5.0 * @since 4.2.0 Introduced the ability to order by specific clauses of a `$meta_query`, by passing the clause's * array key to `$orderby`. * @since 4.4.0 Introduced `$post_name__in` and `$title` parameters. `$s` was updated to support excluded * search terms, by prepending a hyphen. * @since 4.5.0 Removed the `$comments_popup` parameter. * Introduced the `$comment_status` and `$ping_status` parameters. * Introduced `RAND(x)` syntax for `$orderby`, which allows an integer seed value to random sorts. * @since 4.6.0 Added 'post_name__in' support for `$orderby`. Introduced the `$lazy_load_term_meta` argument. * @since 4.9.0 Introduced the `$comment_count` parameter. * @since 5.1.0 Introduced the `$meta_compare_key` parameter. * @since 5.3.0 Introduced the `$meta_type_key` parameter. * @since 6.1.0 Introduced the `$update_menu_item_cache` parameter. * @since 6.2.0 Introduced the `$search_columns` parameter. * * @param string|array $query { * Optional. Array or string of Query parameters. * * @type int $attachment_id Attachment post ID. Used for 'attachment' post_type. * @type int|string $author Author ID, or comma-separated list of IDs. * @type string $author_name User 'user_nicename'. * @type int[] $author__in An array of author IDs to query from. * @type int[] $author__not_in An array of author IDs not to query from. * @type bool $cache_results Whether to cache post information. Default true. * @type int|string $cat Category ID or comma-separated list of IDs (this or any children). * @type int[] $category__and An array of category IDs (AND in). * @type int[] $category__in An array of category IDs (OR in, no children). * @type int[] $category__not_in An array of category IDs (NOT in). * @type string $category_name Use category slug (not name, this or any children). * @type array|int $comment_count Filter results by comment count. Provide an integer to match * comment count exactly. Provide an array with integer 'value' * and 'compare' operator ('=', '!=', '>', '>=', '<', '<=' ) to * compare against comment_count in a specific way. * @type string $comment_status Comment status. * @type int $comments_per_page The number of comments to return per page. * Default 'comments_per_page' option. * @type array $date_query An associative array of WP_Date_Query arguments. * See WP_Date_Query::__construct(). * @type int $day Day of the month. Default empty. Accepts numbers 1-31. * @type bool $exact Whether to search by exact keyword. Default false. * @type string $fields Post fields to query for. Accepts: * - '' Returns an array of complete post objects (`WP_Post[]`). * - 'ids' Returns an array of post IDs (`int[]`). * - 'id=>parent' Returns an associative array of parent post IDs, * keyed by post ID (`int[]`). * Default ''. * @type int $hour Hour of the day. Default empty. Accepts numbers 0-23. * @type int|bool $ignore_sticky_posts Whether to ignore sticky posts or not. Setting this to false * excludes stickies from 'post__in'. Accepts 1|true, 0|false. * Default false. * @type int $m Combination YearMonth. Accepts any four-digit year and month * numbers 01-12. Default empty. * @type string|string[] $meta_key Meta key or keys to filter by. * @type string|string[] $meta_value Meta value or values to filter by. * @type string $meta_compare MySQL operator used for comparing the meta value. * See WP_Meta_Query::__construct() for accepted values and default value. * @type string $meta_compare_key MySQL operator used for comparing the meta key. * See WP_Meta_Query::__construct() for accepted values and default value. * @type string $meta_type MySQL data type that the meta_value column will be CAST to for comparisons. * See WP_Meta_Query::__construct() for accepted values and default value. * @type string $meta_type_key MySQL data type that the meta_key column will be CAST to for comparisons. * See WP_Meta_Query::__construct() for accepted values and default value. * @type array $meta_query An associative array of WP_Meta_Query arguments. * See WP_Meta_Query::__construct() for accepted values. * @type int $menu_order The menu order of the posts. * @type int $minute Minute of the hour. Default empty. Accepts numbers 0-59. * @type int $monthnum The two-digit month. Default empty. Accepts numbers 1-12. * @type string $name Post slug. * @type bool $nopaging Show all posts (true) or paginate (false). Default false. * @type bool $no_found_rows Whether to skip counting the total rows found. Enabling can improve * performance. Default false. * @type int $offset The number of posts to offset before retrieval. * @type string $order Designates ascending or descending order of posts. Default 'DESC'. * Accepts 'ASC', 'DESC'. * @type string|array $orderby Sort retrieved posts by parameter. One or more options may be passed. * To use 'meta_value', or 'meta_value_num', 'meta_key=keyname' must be * also be defined. To sort by a specific `$meta_query` clause, use that * clause's array key. Accepts: * - 'none' * - 'name' * - 'author' * - 'date' * - 'title' * - 'modified' * - 'menu_order' * - 'parent' * - 'ID' * - 'rand' * - 'relevance' * - 'RAND(x)' (where 'x' is an integer seed value) * - 'comment_count' * - 'meta_value' * - 'meta_value_num' * - 'post__in' * - 'post_name__in' * - 'post_parent__in' * - The array keys of `$meta_query`. * Default is 'date', except when a search is being performed, when * the default is 'relevance'. * @type int $p Post ID. * @type int $page Show the number of posts that would show up on page X of a * static front page. * @type int $paged The number of the current page. * @type int $page_id Page ID. * @type string $pagename Page slug. * @type string $perm Show posts if user has the appropriate capability. * @type string $ping_status Ping status. * @type int[] $post__in An array of post IDs to retrieve, sticky posts will be included. * @type int[] $post__not_in An array of post IDs not to retrieve. Note: a string of comma- * separated IDs will NOT work. * @type string $post_mime_type The mime type of the post. Used for 'attachment' post_type. * @type string[] $post_name__in An array of post slugs that results must match. * @type int $post_parent Page ID to retrieve child pages for. Use 0 to only retrieve * top-level pages. * @type int[] $post_parent__in An array containing parent page IDs to query child pages from. * @type int[] $post_parent__not_in An array containing parent page IDs not to query child pages from. * @type string|string[] $post_type A post type slug (string) or array of post type slugs. * Default 'any' if using 'tax_query'. * @type string|string[] $post_status A post status (string) or array of post statuses. * @type int $posts_per_page The number of posts to query for. Use -1 to request all posts. * @type int $posts_per_archive_page The number of posts to query for by archive page. Overrides * 'posts_per_page' when is_archive(), or is_search() are true. * @type string $s Search keyword(s). Prepending a term with a hyphen will * exclude posts matching that term. Eg, 'pillow -sofa' will * return posts containing 'pillow' but not 'sofa'. The * character used for exclusion can be modified using the * the 'wp_query_search_exclusion_prefix' filter. * @type string[] $search_columns Array of column names to be searched. Accepts 'post_title', * 'post_excerpt' and 'post_content'. Default empty array. * @type int $second Second of the minute. Default empty. Accepts numbers 0-59. * @type bool $sentence Whether to search by phrase. Default false. * @type bool $suppress_filters Whether to suppress filters. Default false. * @type string $tag Tag slug. Comma-separated (either), Plus-separated (all). * @type int[] $tag__and An array of tag IDs (AND in). * @type int[] $tag__in An array of tag IDs (OR in). * @type int[] $tag__not_in An array of tag IDs (NOT in). * @type int $tag_id Tag id or comma-separated list of IDs. * @type string[] $tag_slug__and An array of tag slugs (AND in). * @type string[] $tag_slug__in An array of tag slugs (OR in). unless 'ignore_sticky_posts' is * true. Note: a string of comma-separated IDs will NOT work. * @type array $tax_query An associative array of WP_Tax_Query arguments. * See WP_Tax_Query::__construct(). * @type string $title Post title. * @type bool $update_post_meta_cache Whether to update the post meta cache. Default true. * @type bool $update_post_term_cache Whether to update the post term cache. Default true. * @type bool $update_menu_item_cache Whether to update the menu item cache. Default false. * @type bool $lazy_load_term_meta Whether to lazy-load term meta. Setting to false will * disable cache priming for term meta, so that each * get_term_meta() call will hit the database. * Defaults to the value of `$update_post_term_cache`. * @type int $w The week number of the year. Default empty. Accepts numbers 0-53. * @type int $year The four-digit year. Default empty. Accepts any four-digit year. * } */ public function parse_query( $query = '' ) { if ( ! empty( $query ) ) { $this->init(); $this->query = wp_parse_args( $query ); $this->query_vars = $this->query; } elseif ( ! isset( $this->query ) ) { $this->query = $this->query_vars; } $this->query_vars = $this->fill_query_vars( $this->query_vars ); $query_vars = &$this->query_vars; $this->query_vars_changed = true; if ( ! empty( $query_vars['robots'] ) ) { $this->is_robots = true; } elseif ( ! empty( $query_vars['favicon'] ) ) { $this->is_favicon = true; } if ( ! is_scalar( $query_vars['p'] ) || (int) $query_vars['p'] < 0 ) { $query_vars['p'] = 0; $query_vars['error'] = '404'; } else { $query_vars['p'] = (int) $query_vars['p']; } $query_vars['page_id'] = is_scalar( $query_vars['page_id'] ) ? absint( $query_vars['page_id'] ) : 0; $query_vars['year'] = is_scalar( $query_vars['year'] ) ? absint( $query_vars['year'] ) : 0; $query_vars['monthnum'] = is_scalar( $query_vars['monthnum'] ) ? absint( $query_vars['monthnum'] ) : 0; $query_vars['day'] = is_scalar( $query_vars['day'] ) ? absint( $query_vars['day'] ) : 0; $query_vars['w'] = is_scalar( $query_vars['w'] ) ? absint( $query_vars['w'] ) : 0; $query_vars['m'] = is_scalar( $query_vars['m'] ) ? preg_replace( '|[^0-9]|', '', $query_vars['m'] ) : ''; $query_vars['paged'] = is_scalar( $query_vars['paged'] ) ? absint( $query_vars['paged'] ) : 0; $query_vars['cat'] = preg_replace( '|[^0-9,-]|', '', $query_vars['cat'] ); // Array or comma-separated list of positive or negative integers. $query_vars['author'] = is_scalar( $query_vars['author'] ) ? preg_replace( '|[^0-9,-]|', '', $query_vars['author'] ) : ''; // Comma-separated list of positive or negative integers. $query_vars['pagename'] = is_scalar( $query_vars['pagename'] ) ? trim( $query_vars['pagename'] ) : ''; $query_vars['name'] = is_scalar( $query_vars['name'] ) ? trim( $query_vars['name'] ) : ''; $query_vars['title'] = is_scalar( $query_vars['title'] ) ? trim( $query_vars['title'] ) : ''; if ( is_scalar( $query_vars['hour'] ) && '' !== $query_vars['hour'] ) { $query_vars['hour'] = absint( $query_vars['hour'] ); } else { $query_vars['hour'] = ''; } if ( is_scalar( $query_vars['minute'] ) && '' !== $query_vars['minute'] ) { $query_vars['minute'] = absint( $query_vars['minute'] ); } else { $query_vars['minute'] = ''; } if ( is_scalar( $query_vars['second'] ) && '' !== $query_vars['second'] ) { $query_vars['second'] = absint( $query_vars['second'] ); } else { $query_vars['second'] = ''; } if ( is_scalar( $query_vars['menu_order'] ) && '' !== $query_vars['menu_order'] ) { $query_vars['menu_order'] = absint( $query_vars['menu_order'] ); } else { $query_vars['menu_order'] = ''; } // Fairly large, potentially too large, upper bound for search string lengths. if ( ! is_scalar( $query_vars['s'] ) || ( ! empty( $query_vars['s'] ) && strlen( $query_vars['s'] ) > 1600 ) ) { $query_vars['s'] = ''; } // Compat. Map subpost to attachment. if ( is_scalar( $query_vars['subpost'] ) && '' != $query_vars['subpost'] ) { $query_vars['attachment'] = $query_vars['subpost']; } if ( is_scalar( $query_vars['subpost_id'] ) && '' != $query_vars['subpost_id'] ) { $query_vars['attachment_id'] = $query_vars['subpost_id']; } $query_vars['attachment_id'] = is_scalar( $query_vars['attachment_id'] ) ? absint( $query_vars['attachment_id'] ) : 0; if ( ( '' !== $query_vars['attachment'] ) || ! empty( $query_vars['attachment_id'] ) ) { $this->is_single = true; $this->is_attachment = true; } elseif ( '' !== $query_vars['name'] ) { $this->is_single = true; } elseif ( $query_vars['p'] ) { $this->is_single = true; } elseif ( '' !== $query_vars['pagename'] || ! empty( $query_vars['page_id'] ) ) { $this->is_page = true; $this->is_single = false; } else { // Look for archive queries. Dates, categories, authors, search, post type archives. if ( isset( $this->query['s'] ) ) { $this->is_search = true; } if ( '' !== $query_vars['second'] ) { $this->is_time = true; $this->is_date = true; } if ( '' !== $query_vars['minute'] ) { $this->is_time = true; $this->is_date = true; } if ( '' !== $query_vars['hour'] ) { $this->is_time = true; $this->is_date = true; } if ( $query_vars['day'] ) { if ( ! $this->is_date ) { $date = sprintf( '%04d-%02d-%02d', $query_vars['year'], $query_vars['monthnum'], $query_vars['day'] ); if ( $query_vars['monthnum'] && $query_vars['year'] && ! wp_checkdate( $query_vars['monthnum'], $query_vars['day'], $query_vars['year'], $date ) ) { $query_vars['error'] = '404'; } else { $this->is_day = true; $this->is_date = true; } } } if ( $query_vars['monthnum'] ) { if ( ! $this->is_date ) { if ( 12 < $query_vars['monthnum'] ) { $query_vars['error'] = '404'; } else { $this->is_month = true; $this->is_date = true; } } } if ( $query_vars['year'] ) { if ( ! $this->is_date ) { $this->is_year = true; $this->is_date = true; } } if ( $query_vars['m'] ) { $this->is_date = true; if ( strlen( $query_vars['m'] ) > 9 ) { $this->is_time = true; } elseif ( strlen( $query_vars['m'] ) > 7 ) { $this->is_day = true; } elseif ( strlen( $query_vars['m'] ) > 5 ) { $this->is_month = true; } else { $this->is_year = true; } } if ( $query_vars['w'] ) { $this->is_date = true; } $this->query_vars_hash = false; $this->parse_tax_query( $query_vars ); foreach ( $this->tax_query->queries as $tax_query ) { if ( ! is_array( $tax_query ) ) { continue; } if ( isset( $tax_query['operator'] ) && 'NOT IN' !== $tax_query['operator'] ) { switch ( $tax_query['taxonomy'] ) { case 'category': $this->is_category = true; break; case 'post_tag': $this->is_tag = true; break; default: $this->is_tax = true; } } } unset( $tax_query ); if ( empty( $query_vars['author'] ) || ( '0' == $query_vars['author'] ) ) { $this->is_author = false; } else { $this->is_author = true; } if ( '' !== $query_vars['author_name'] ) { $this->is_author = true; } if ( ! empty( $query_vars['post_type'] ) && ! is_array( $query_vars['post_type'] ) ) { $post_type_obj = get_post_type_object( $query_vars['post_type'] ); if ( ! empty( $post_type_obj->has_archive ) ) { $this->is_post_type_archive = true; } } if ( $this->is_post_type_archive || $this->is_date || $this->is_author || $this->is_category || $this->is_tag || $this->is_tax ) { $this->is_archive = true; } } if ( '' != $query_vars['feed'] ) { $this->is_feed = true; } if ( '' != $query_vars['embed'] ) { $this->is_embed = true; } if ( '' != $query_vars['tb'] ) { $this->is_trackback = true; } if ( '' != $query_vars['paged'] && ( (int) $query_vars['paged'] > 1 ) ) { $this->is_paged = true; } // If we're previewing inside the write screen. if ( '' != $query_vars['preview'] ) { $this->is_preview = true; } if ( is_admin() ) { $this->is_admin = true; } if ( str_contains( $query_vars['feed'], 'comments-' ) ) { $query_vars['feed'] = str_replace( 'comments-', '', $query_vars['feed'] ); $query_vars['withcomments'] = 1; } $this->is_singular = $this->is_single || $this->is_page || $this->is_attachment; if ( $this->is_feed && ( ! empty( $query_vars['withcomments'] ) || ( empty( $query_vars['withoutcomments'] ) && $this->is_singular ) ) ) { $this->is_comment_feed = true; } if ( ! ( $this->is_singular || $this->is_archive || $this->is_search || $this->is_feed || ( wp_is_serving_rest_request() && $this->is_main_query() ) || $this->is_trackback || $this->is_404 || $this->is_admin || $this->is_robots || $this->is_favicon ) ) { $this->is_home = true; } // Correct `is_*` for 'page_on_front' and 'page_for_posts'. if ( $this->is_home && 'page' === get_option( 'show_on_front' ) && get_option( 'page_on_front' ) ) { $_query = wp_parse_args( $this->query ); // 'pagename' can be set and empty depending on matched rewrite rules. Ignore an empty 'pagename'. if ( isset( $_query['pagename'] ) && '' === $_query['pagename'] ) { unset( $_query['pagename'] ); } unset( $_query['embed'] ); if ( empty( $_query ) || ! array_diff( array_keys( $_query ), array( 'preview', 'page', 'paged', 'cpage' ) ) ) { $this->is_page = true; $this->is_home = false; $query_vars['page_id'] = get_option( 'page_on_front' ); // Correct <!--nextpage--> for 'page_on_front'. if ( ! empty( $query_vars['paged'] ) ) { $query_vars['page'] = $query_vars['paged']; unset( $query_vars['paged'] ); } } } if ( '' !== $query_vars['pagename'] ) { $this->queried_object = get_page_by_path( $query_vars['pagename'] ); if ( $this->queried_object && 'attachment' === $this->queried_object->post_type ) { if ( preg_match( '/^[^%]*%(?:postname)%/', get_option( 'permalink_structure' ) ) ) { // See if we also have a post with the same slug. $post = get_page_by_path( $query_vars['pagename'], OBJECT, 'post' ); if ( $post ) { $this->queried_object = $post; $this->is_page = false; $this->is_single = true; } } } if ( ! empty( $this->queried_object ) ) { $this->queried_object_id = (int) $this->queried_object->ID; } else { unset( $this->queried_object ); } if ( 'page' === get_option( 'show_on_front' ) && isset( $this->queried_object_id ) && get_option( 'page_for_posts' ) == $this->queried_object_id ) { $this->is_page = false; $this->is_home = true; $this->is_posts_page = true; } if ( isset( $this->queried_object_id ) && get_option( 'wp_page_for_privacy_policy' ) == $this->queried_object_id ) { $this->is_privacy_policy = true; } } if ( $query_vars['page_id'] ) { if ( 'page' === get_option( 'show_on_front' ) && get_option( 'page_for_posts' ) == $query_vars['page_id'] ) { $this->is_page = false; $this->is_home = true; $this->is_posts_page = true; } if ( get_option( 'wp_page_for_privacy_policy' ) == $query_vars['page_id'] ) { $this->is_privacy_policy = true; } } if ( ! empty( $query_vars['post_type'] ) ) { if ( is_array( $query_vars['post_type'] ) ) { $query_vars['post_type'] = array_map( 'sanitize_key', array_unique( $query_vars['post_type'] ) ); sort( $query_vars['post_type'] ); } else { $query_vars['post_type'] = sanitize_key( $query_vars['post_type'] ); } } if ( ! empty( $query_vars['post_status'] ) ) { if ( is_array( $query_vars['post_status'] ) ) { $query_vars['post_status'] = array_map( 'sanitize_key', array_unique( $query_vars['post_status'] ) ); sort( $query_vars['post_status'] ); } else { $query_vars['post_status'] = preg_replace( '|[^a-z0-9_,-]|', '', $query_vars['post_status'] ); } } if ( $this->is_posts_page && ( ! isset( $query_vars['withcomments'] ) || ! $query_vars['withcomments'] ) ) { $this->is_comment_feed = false; } $this->is_singular = $this->is_single || $this->is_page || $this->is_attachment; // Done correcting `is_*` for 'page_on_front' and 'page_for_posts'. if ( '404' == $query_vars['error'] ) { $this->set_404(); } $this->is_embed = $this->is_embed && ( $this->is_singular || $this->is_404 ); $this->query_vars_hash = md5( serialize( $this->query_vars ) ); $this->query_vars_changed = false; /** * Fires after the main query vars have been parsed. * * @since 1.5.0 * * @param WP_Query $query The WP_Query instance (passed by reference). */ do_action_ref_array( 'parse_query', array( &$this ) ); } /** * Parses various taxonomy related query vars. * * For BC, this method is not marked as protected. See [28987]. * * @since 3.1.0 * * @param array $query_vars The query variables. Passed by reference. */ public function parse_tax_query( &$query_vars ) { if ( ! empty( $query_vars['tax_query'] ) && is_array( $query_vars['tax_query'] ) ) { $tax_query = $query_vars['tax_query']; } else { $tax_query = array(); } if ( ! empty( $query_vars['taxonomy'] ) && ! empty( $query_vars['term'] ) ) { $tax_query[] = array( 'taxonomy' => $query_vars['taxonomy'], 'terms' => array( $query_vars['term'] ), 'field' => 'slug', ); } foreach ( get_taxonomies( array(), 'objects' ) as $taxonomy => $t ) { if ( 'post_tag' === $taxonomy ) { continue; // Handled further down in the $query_vars['tag'] block. } if ( $t->query_var && ! empty( $query_vars[ $t->query_var ] ) ) { $tax_query_defaults = array( 'taxonomy' => $taxonomy, 'field' => 'slug', ); if ( ! empty( $t->rewrite['hierarchical'] ) ) { $query_vars[ $t->query_var ] = wp_basename( $query_vars[ $t->query_var ] ); } $term = $query_vars[ $t->query_var ]; if ( ! is_array( $term ) ) { $term = explode( ',', $term ); $term = array_map( 'trim', $term ); } sort( $term ); $term = implode( ',', $term ); if ( str_contains( $term, '+' ) ) { $terms = preg_split( '/[+]+/', $term ); foreach ( $terms as $term ) { $tax_query[] = array_merge( $tax_query_defaults, array( 'terms' => array( $term ), ) ); } } else { $tax_query[] = array_merge( $tax_query_defaults, array( 'terms' => preg_split( '/[,]+/', $term ), ) ); } } } // If query string 'cat' is an array, implode it. if ( is_array( $query_vars['cat'] ) ) { $query_vars['cat'] = implode( ',', $query_vars['cat'] ); } // Category stuff. if ( ! empty( $query_vars['cat'] ) && ! $this->is_singular ) { $cat_in = array(); $cat_not_in = array(); $cat_array = preg_split( '/[,\s]+/', urldecode( $query_vars['cat'] ) ); $cat_array = array_map( 'intval', $cat_array ); sort( $cat_array ); $query_vars['cat'] = implode( ',', $cat_array ); foreach ( $cat_array as $cat ) { if ( $cat > 0 ) { $cat_in[] = $cat; } elseif ( $cat < 0 ) { $cat_not_in[] = abs( $cat ); } } if ( ! empty( $cat_in ) ) { $tax_query[] = array( 'taxonomy' => 'category', 'terms' => $cat_in, 'field' => 'term_id', 'include_children' => true, ); } if ( ! empty( $cat_not_in ) ) { $tax_query[] = array( 'taxonomy' => 'category', 'terms' => $cat_not_in, 'field' => 'term_id', 'operator' => 'NOT IN', 'include_children' => true, ); } unset( $cat_array, $cat_in, $cat_not_in ); } if ( ! empty( $query_vars['category__and'] ) && 1 === count( (array) $query_vars['category__and'] ) ) { $query_vars['category__and'] = (array) $query_vars['category__and']; if ( ! isset( $query_vars['category__in'] ) ) { $query_vars['category__in'] = array(); } $query_vars['category__in'][] = absint( reset( $query_vars['category__and'] ) ); unset( $query_vars['category__and'] ); } if ( ! empty( $query_vars['category__in'] ) ) { $query_vars['category__in'] = array_map( 'absint', array_unique( (array) $query_vars['category__in'] ) ); sort( $query_vars['category__in'] ); $tax_query[] = array( 'taxonomy' => 'category', 'terms' => $query_vars['category__in'], 'field' => 'term_id', 'include_children' => false, ); } if ( ! empty( $query_vars['category__not_in'] ) ) { $query_vars['category__not_in'] = array_map( 'absint', array_unique( (array) $query_vars['category__not_in'] ) ); sort( $query_vars['category__not_in'] ); $tax_query[] = array( 'taxonomy' => 'category', 'terms' => $query_vars['category__not_in'], 'operator' => 'NOT IN', 'include_children' => false, ); } if ( ! empty( $query_vars['category__and'] ) ) { $query_vars['category__and'] = array_map( 'absint', array_unique( (array) $query_vars['category__and'] ) ); sort( $query_vars['category__and'] ); $tax_query[] = array( 'taxonomy' => 'category', 'terms' => $query_vars['category__and'], 'field' => 'term_id', 'operator' => 'AND', 'include_children' => false, ); } // If query string 'tag' is array, implode it. if ( is_array( $query_vars['tag'] ) ) { $query_vars['tag'] = implode( ',', $query_vars['tag'] ); } // Tag stuff. if ( '' !== $query_vars['tag'] && ! $this->is_singular && $this->query_vars_changed ) { if ( str_contains( $query_vars['tag'], ',' ) ) { // @todo Handle normalizing `tag` query string. $tags = preg_split( '/[,\r\n\t ]+/', $query_vars['tag'] ); foreach ( (array) $tags as $tag ) { $tag = sanitize_term_field( 'slug', $tag, 0, 'post_tag', 'db' ); $query_vars['tag_slug__in'][] = $tag; sort( $query_vars['tag_slug__in'] ); } } elseif ( preg_match( '/[+\r\n\t ]+/', $query_vars['tag'] ) || ! empty( $query_vars['cat'] ) ) { $tags = preg_split( '/[+\r\n\t ]+/', $query_vars['tag'] ); foreach ( (array) $tags as $tag ) { $tag = sanitize_term_field( 'slug', $tag, 0, 'post_tag', 'db' ); $query_vars['tag_slug__and'][] = $tag; } } else { $query_vars['tag'] = sanitize_term_field( 'slug', $query_vars['tag'], 0, 'post_tag', 'db' ); $query_vars['tag_slug__in'][] = $query_vars['tag']; sort( $query_vars['tag_slug__in'] ); } } if ( ! empty( $query_vars['tag_id'] ) ) { $query_vars['tag_id'] = absint( $query_vars['tag_id'] ); $tax_query[] = array( 'taxonomy' => 'post_tag', 'terms' => $query_vars['tag_id'], ); } if ( ! empty( $query_vars['tag__in'] ) ) { $query_vars['tag__in'] = array_map( 'absint', array_unique( (array) $query_vars['tag__in'] ) ); sort( $query_vars['tag__in'] ); $tax_query[] = array( 'taxonomy' => 'post_tag', 'terms' => $query_vars['tag__in'], ); } if ( ! empty( $query_vars['tag__not_in'] ) ) { $query_vars['tag__not_in'] = array_map( 'absint', array_unique( (array) $query_vars['tag__not_in'] ) ); sort( $query_vars['tag__not_in'] ); $tax_query[] = array( 'taxonomy' => 'post_tag', 'terms' => $query_vars['tag__not_in'], 'operator' => 'NOT IN', ); } if ( ! empty( $query_vars['tag__and'] ) ) { $query_vars['tag__and'] = array_map( 'absint', array_unique( (array) $query_vars['tag__and'] ) ); sort( $query_vars['tag__and'] ); $tax_query[] = array( 'taxonomy' => 'post_tag', 'terms' => $query_vars['tag__and'], 'operator' => 'AND', ); } if ( ! empty( $query_vars['tag_slug__in'] ) ) { $query_vars['tag_slug__in'] = array_map( 'sanitize_title_for_query', array_unique( (array) $query_vars['tag_slug__in'] ) ); sort( $query_vars['tag_slug__in'] ); $tax_query[] = array( 'taxonomy' => 'post_tag', 'terms' => $query_vars['tag_slug__in'], 'field' => 'slug', ); } if ( ! empty( $query_vars['tag_slug__and'] ) ) { $query_vars['tag_slug__and'] = array_map( 'sanitize_title_for_query', array_unique( (array) $query_vars['tag_slug__and'] ) ); sort( $query_vars['tag_slug__and'] ); $tax_query[] = array( 'taxonomy' => 'post_tag', 'terms' => $query_vars['tag_slug__and'], 'field' => 'slug', 'operator' => 'AND', ); } $this->tax_query = new WP_Tax_Query( $tax_query ); /** * Fires after taxonomy-related query vars have been parsed. * * @since 3.7.0 * * @param WP_Query $query The WP_Query instance. */ do_action( 'parse_tax_query', $this ); } /** * Generates SQL for the WHERE clause based on passed search terms. * * @since 3.7.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $query_vars Query variables. * @return string WHERE clause. */ protected function parse_search( &$query_vars ) { global $wpdb; $search = ''; // Added slashes screw with quote grouping when done early, so done later. $query_vars['s'] = stripslashes( $query_vars['s'] ); if ( empty( $_GET['s'] ) && $this->is_main_query() ) { $query_vars['s'] = urldecode( $query_vars['s'] ); } // There are no line breaks in <input /> fields. $query_vars['s'] = str_replace( array( "\r", "\n" ), '', $query_vars['s'] ); $query_vars['search_terms_count'] = 1; if ( ! empty( $query_vars['sentence'] ) ) { $query_vars['search_terms'] = array( $query_vars['s'] ); } else { if ( preg_match_all( '/".*?("|$)|((?<=[\t ",+])|^)[^\t ",+]+/', $query_vars['s'], $matches ) ) { $query_vars['search_terms_count'] = count( $matches[0] ); $query_vars['search_terms'] = $this->parse_search_terms( $matches[0] ); // If the search string has only short terms or stopwords, or is 10+ terms long, match it as sentence. if ( empty( $query_vars['search_terms'] ) || count( $query_vars['search_terms'] ) > 9 ) { $query_vars['search_terms'] = array( $query_vars['s'] ); } } else { $query_vars['search_terms'] = array( $query_vars['s'] ); } } $n = ! empty( $query_vars['exact'] ) ? '' : '%'; $searchand = ''; $query_vars['search_orderby_title'] = array(); $default_search_columns = array( 'post_title', 'post_excerpt', 'post_content' ); $search_columns = ! empty( $query_vars['search_columns'] ) ? $query_vars['search_columns'] : $default_search_columns; if ( ! is_array( $search_columns ) ) { $search_columns = array( $search_columns ); } /** * Filters the columns to search in a WP_Query search. * * The supported columns are `post_title`, `post_excerpt` and `post_content`. * They are all included by default. * * @since 6.2.0 * * @param string[] $search_columns Array of column names to be searched. * @param string $search Text being searched. * @param WP_Query $query The current WP_Query instance. */ $search_columns = (array) apply_filters( 'post_search_columns', $search_columns, $query_vars['s'], $this ); // Use only supported search columns. $search_columns = array_intersect( $search_columns, $default_search_columns ); if ( empty( $search_columns ) ) { $search_columns = $default_search_columns; } /** * Filters the prefix that indicates that a search term should be excluded from results. * * @since 4.7.0 * * @param string $exclusion_prefix The prefix. Default '-'. Returning * an empty value disables exclusions. */ $exclusion_prefix = apply_filters( 'wp_query_search_exclusion_prefix', '-' ); foreach ( $query_vars['search_terms'] as $term ) { // If there is an $exclusion_prefix, terms prefixed with it should be excluded. $exclude = $exclusion_prefix && str_starts_with( $term, $exclusion_prefix ); if ( $exclude ) { $like_op = 'NOT LIKE'; $andor_op = 'AND'; $term = substr( $term, 1 ); } else { $like_op = 'LIKE'; $andor_op = 'OR'; } if ( $n && ! $exclude ) { $like = '%' . $wpdb->esc_like( $term ) . '%'; $query_vars['search_orderby_title'][] = $wpdb->prepare( "{$wpdb->posts}.post_title LIKE %s", $like ); } $like = $n . $wpdb->esc_like( $term ) . $n; $search_columns_parts = array(); foreach ( $search_columns as $search_column ) { $search_columns_parts[ $search_column ] = $wpdb->prepare( "({$wpdb->posts}.$search_column $like_op %s)", $like ); } if ( ! empty( $this->allow_query_attachment_by_filename ) ) { $search_columns_parts['attachment'] = $wpdb->prepare( "(sq1.meta_value $like_op %s)", $like ); } $search .= "$searchand(" . implode( " $andor_op ", $search_columns_parts ) . ')'; $searchand = ' AND '; } if ( ! empty( $search ) ) { $search = " AND ({$search}) "; if ( ! is_user_logged_in() ) { $search .= " AND ({$wpdb->posts}.post_password = '') "; } } return $search; } /** * Checks if the terms are suitable for searching. * * Uses an array of stopwords (terms) that are excluded from the separate * term matching when searching for posts. The list of English stopwords is * the approximate search engines list, and is translatable. * * @since 3.7.0 * * @param string[] $terms Array of terms to check. * @return string[] Terms that are not stopwords. */ protected function parse_search_terms( $terms ) { $strtolower = function_exists( 'mb_strtolower' ) ? 'mb_strtolower' : 'strtolower'; $checked = array(); $stopwords = $this->get_search_stopwords(); foreach ( $terms as $term ) { // Keep before/after spaces when term is for exact match. if ( preg_match( '/^".+"$/', $term ) ) { $term = trim( $term, "\"'" ); } else { $term = trim( $term, "\"' " ); } // Avoid single A-Z and single dashes. if ( ! $term || ( 1 === strlen( $term ) && preg_match( '/^[a-z\-]$/i', $term ) ) ) { continue; } if ( in_array( call_user_func( $strtolower, $term ), $stopwords, true ) ) { continue; } $checked[] = $term; } return $checked; } /** * Retrieves stopwords used when parsing search terms. * * @since 3.7.0 * * @return string[] Stopwords. */ protected function get_search_stopwords() { if ( isset( $this->stopwords ) ) { return $this->stopwords; } /* * translators: This is a comma-separated list of very common words that should be excluded from a search, * like a, an, and the. These are usually called "stopwords". You should not simply translate these individual * words into your language. Instead, look for and provide commonly accepted stopwords in your language. */ $words = explode( ',', _x( 'about,an,are,as,at,be,by,com,for,from,how,in,is,it,of,on,or,that,the,this,to,was,what,when,where,who,will,with,www', 'Comma-separated list of search stopwords in your language' ) ); $stopwords = array(); foreach ( $words as $word ) { $word = trim( $word, "\r\n\t " ); if ( $word ) { $stopwords[] = $word; } } /** * Filters stopwords used when parsing search terms. * * @since 3.7.0 * * @param string[] $stopwords Array of stopwords. */ $this->stopwords = apply_filters( 'wp_search_stopwords', $stopwords ); return $this->stopwords; } /** * Generates SQL for the ORDER BY condition based on passed search terms. * * @since 3.7.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $query_vars Query variables. * @return string ORDER BY clause. */ protected function parse_search_order( &$query_vars ) { global $wpdb; if ( $query_vars['search_terms_count'] > 1 ) { $num_terms = count( $query_vars['search_orderby_title'] ); // If the search terms contain negative queries, don't bother ordering by sentence matches. $like = ''; if ( ! preg_match( '/(?:\s|^)\-/', $query_vars['s'] ) ) { $like = '%' . $wpdb->esc_like( $query_vars['s'] ) . '%'; } $search_orderby = ''; // Sentence match in 'post_title'. if ( $like ) { $search_orderby .= $wpdb->prepare( "WHEN {$wpdb->posts}.post_title LIKE %s THEN 1 ", $like ); } /* * Sanity limit, sort as sentence when more than 6 terms * (few searches are longer than 6 terms and most titles are not). */ if ( $num_terms < 7 ) { // All words in title. $search_orderby .= 'WHEN ' . implode( ' AND ', $query_vars['search_orderby_title'] ) . ' THEN 2 '; // Any word in title, not needed when $num_terms == 1. if ( $num_terms > 1 ) { $search_orderby .= 'WHEN ' . implode( ' OR ', $query_vars['search_orderby_title'] ) . ' THEN 3 '; } } // Sentence match in 'post_content' and 'post_excerpt'. if ( $like ) { $search_orderby .= $wpdb->prepare( "WHEN {$wpdb->posts}.post_excerpt LIKE %s THEN 4 ", $like ); $search_orderby .= $wpdb->prepare( "WHEN {$wpdb->posts}.post_content LIKE %s THEN 5 ", $like ); } if ( $search_orderby ) { $search_orderby = '(CASE ' . $search_orderby . 'ELSE 6 END)'; } } else { // Single word or sentence search. $search_orderby = reset( $query_vars['search_orderby_title'] ) . ' DESC'; } return $search_orderby; } /** * Converts the given orderby alias (if allowed) to a properly-prefixed value. * * @since 4.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $orderby Alias for the field to order by. * @return string|false Table-prefixed value to used in the ORDER clause. False otherwise. */ protected function parse_orderby( $orderby ) { global $wpdb; // Used to filter values. $allowed_keys = array( 'post_name', 'post_author', 'post_date', 'post_title', 'post_modified', 'post_parent', 'post_type', 'name', 'author', 'date', 'title', 'modified', 'parent', 'type', 'ID', 'menu_order', 'comment_count', 'rand', 'post__in', 'post_parent__in', 'post_name__in', ); $primary_meta_key = ''; $primary_meta_query = false; $meta_clauses = $this->meta_query->get_clauses(); if ( ! empty( $meta_clauses ) ) { $primary_meta_query = reset( $meta_clauses ); if ( ! empty( $primary_meta_query['key'] ) ) { $primary_meta_key = $primary_meta_query['key']; $allowed_keys[] = $primary_meta_key; } $allowed_keys[] = 'meta_value'; $allowed_keys[] = 'meta_value_num'; $allowed_keys = array_merge( $allowed_keys, array_keys( $meta_clauses ) ); } // If RAND() contains a seed value, sanitize and add to allowed keys. $rand_with_seed = false; if ( preg_match( '/RAND\(([0-9]+)\)/i', $orderby, $matches ) ) { $orderby = sprintf( 'RAND(%s)', (int) $matches[1] ); $allowed_keys[] = $orderby; $rand_with_seed = true; } if ( ! in_array( $orderby, $allowed_keys, true ) ) { return false; } $orderby_clause = ''; switch ( $orderby ) { case 'post_name': case 'post_author': case 'post_date': case 'post_title': case 'post_modified': case 'post_parent': case 'post_type': case 'ID': case 'menu_order': case 'comment_count': $orderby_clause = "{$wpdb->posts}.{$orderby}"; break; case 'rand': $orderby_clause = 'RAND()'; break; case $primary_meta_key: case 'meta_value': if ( ! empty( $primary_meta_query['type'] ) ) { $orderby_clause = "CAST({$primary_meta_query['alias']}.meta_value AS {$primary_meta_query['cast']})"; } else { $orderby_clause = "{$primary_meta_query['alias']}.meta_value"; } break; case 'meta_value_num': $orderby_clause = "{$primary_meta_query['alias']}.meta_value+0"; break; case 'post__in': if ( ! empty( $this->query_vars['post__in'] ) ) { $orderby_clause = "FIELD({$wpdb->posts}.ID," . implode( ',', array_map( 'absint', $this->query_vars['post__in'] ) ) . ')'; } break; case 'post_parent__in': if ( ! empty( $this->query_vars['post_parent__in'] ) ) { $orderby_clause = "FIELD( {$wpdb->posts}.post_parent," . implode( ', ', array_map( 'absint', $this->query_vars['post_parent__in'] ) ) . ' )'; } break; case 'post_name__in': if ( ! empty( $this->query_vars['post_name__in'] ) ) { $post_name__in = array_map( 'sanitize_title_for_query', $this->query_vars['post_name__in'] ); $post_name__in_string = "'" . implode( "','", $post_name__in ) . "'"; $orderby_clause = "FIELD( {$wpdb->posts}.post_name," . $post_name__in_string . ' )'; } break; default: if ( array_key_exists( $orderby, $meta_clauses ) ) { // $orderby corresponds to a meta_query clause. $meta_clause = $meta_clauses[ $orderby ]; $orderby_clause = "CAST({$meta_clause['alias']}.meta_value AS {$meta_clause['cast']})"; } elseif ( $rand_with_seed ) { $orderby_clause = $orderby; } else { // Default: order by post field. $orderby_clause = "{$wpdb->posts}.post_" . sanitize_key( $orderby ); } break; } return $orderby_clause; } /** * Parse an 'order' query variable and cast it to ASC or DESC as necessary. * * @since 4.0.0 * * @param string $order The 'order' query variable. * @return string The sanitized 'order' query variable. */ protected function parse_order( $order ) { if ( ! is_string( $order ) || empty( $order ) ) { return 'DESC'; } if ( 'ASC' === strtoupper( $order ) ) { return 'ASC'; } else { return 'DESC'; } } /** * Sets the 404 property and saves whether query is feed. * * @since 2.0.0 */ public function set_404() { $is_feed = $this->is_feed; $this->init_query_flags(); $this->is_404 = true; $this->is_feed = $is_feed; /** * Fires after a 404 is triggered. * * @since 5.5.0 * * @param WP_Query $query The WP_Query instance (passed by reference). */ do_action_ref_array( 'set_404', array( $this ) ); } /** * Retrieves the value of a query variable. * * @since 1.5.0 * @since 3.9.0 The `$default_value` argument was introduced. * * @param string $query_var Query variable key. * @param mixed $default_value Optional. Value to return if the query variable is not set. * Default empty string. * @return mixed Contents of the query variable. */ public function get( $query_var, $default_value = '' ) { if ( isset( $this->query_vars[ $query_var ] ) ) { return $this->query_vars[ $query_var ]; } return $default_value; } /** * Sets the value of a query variable. * * @since 1.5.0 * * @param string $query_var Query variable key. * @param mixed $value Query variable value. */ public function set( $query_var, $value ) { $this->query_vars[ $query_var ] = $value; } /** * Retrieves an array of posts based on query variables. * * There are a few filters and actions that can be used to modify the post * database query. * * @since 1.5.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @return WP_Post[]|int[] Array of post objects or post IDs. */ public function get_posts() { global $wpdb; $this->parse_query(); /** * Fires after the query variable object is created, but before the actual query is run. * * Note: If using conditional tags, use the method versions within the passed instance * (e.g. $this->is_main_query() instead of is_main_query()). This is because the functions * like is_main_query() test against the global $wp_query instance, not the passed one. * * @since 2.0.0 * * @param WP_Query $query The WP_Query instance (passed by reference). */ do_action_ref_array( 'pre_get_posts', array( &$this ) ); // Locally scoped reference for easy of use. $query_vars = &$this->query_vars; // Fill again in case 'pre_get_posts' unset some vars. $query_vars = $this->fill_query_vars( $query_vars ); /** * Filters whether an attachment query should include filenames or not. * * @since 6.0.3 * * @param bool $allow_query_attachment_by_filename Whether or not to include filenames. */ $this->allow_query_attachment_by_filename = apply_filters( 'wp_allow_query_attachment_by_filename', false ); remove_all_filters( 'wp_allow_query_attachment_by_filename' ); // Parse meta query. $this->meta_query = new WP_Meta_Query(); $this->meta_query->parse_query_vars( $query_vars ); // Set a flag if a 'pre_get_posts' hook changed the query vars. $hash = md5( serialize( $this->query_vars ) ); if ( $hash !== $this->query_vars_hash ) { $this->query_vars_changed = true; $this->query_vars_hash = $hash; } unset( $hash ); // First let's clear some variables. $distinct = ''; $whichauthor = ''; $whichmimetype = ''; $where = ''; $limits = ''; $join = ''; $search = ''; $groupby = ''; $post_status_join = false; $page = 1; if ( isset( $query_vars['caller_get_posts'] ) ) { _deprecated_argument( 'WP_Query', '3.1.0', sprintf( /* translators: 1: caller_get_posts, 2: ignore_sticky_posts */ __( '%1$s is deprecated. Use %2$s instead.' ), '<code>caller_get_posts</code>', '<code>ignore_sticky_posts</code>' ) ); if ( ! isset( $query_vars['ignore_sticky_posts'] ) ) { $query_vars['ignore_sticky_posts'] = $query_vars['caller_get_posts']; } } if ( ! isset( $query_vars['ignore_sticky_posts'] ) ) { $query_vars['ignore_sticky_posts'] = false; } if ( ! isset( $query_vars['suppress_filters'] ) ) { $query_vars['suppress_filters'] = false; } if ( ! isset( $query_vars['cache_results'] ) ) { $query_vars['cache_results'] = true; } if ( ! isset( $query_vars['update_post_term_cache'] ) ) { $query_vars['update_post_term_cache'] = true; } if ( ! isset( $query_vars['update_menu_item_cache'] ) ) { $query_vars['update_menu_item_cache'] = false; } if ( ! isset( $query_vars['lazy_load_term_meta'] ) ) { $query_vars['lazy_load_term_meta'] = $query_vars['update_post_term_cache']; } elseif ( $query_vars['lazy_load_term_meta'] ) { // Lazy loading term meta only works if term caches are primed. $query_vars['update_post_term_cache'] = true; } if ( ! isset( $query_vars['update_post_meta_cache'] ) ) { $query_vars['update_post_meta_cache'] = true; } if ( ! isset( $query_vars['post_type'] ) ) { if ( $this->is_search ) { $query_vars['post_type'] = 'any'; } else { $query_vars['post_type'] = ''; } } $post_type = $query_vars['post_type']; if ( empty( $query_vars['posts_per_page'] ) ) { $query_vars['posts_per_page'] = get_option( 'posts_per_page' ); } if ( isset( $query_vars['showposts'] ) && $query_vars['showposts'] ) { $query_vars['showposts'] = (int) $query_vars['showposts']; $query_vars['posts_per_page'] = $query_vars['showposts']; } if ( ( isset( $query_vars['posts_per_archive_page'] ) && 0 != $query_vars['posts_per_archive_page'] ) && ( $this->is_archive || $this->is_search ) ) { $query_vars['posts_per_page'] = $query_vars['posts_per_archive_page']; } if ( ! isset( $query_vars['nopaging'] ) ) { if ( -1 == $query_vars['posts_per_page'] ) { $query_vars['nopaging'] = true; } else { $query_vars['nopaging'] = false; } } if ( $this->is_feed ) { // This overrides 'posts_per_page'. if ( ! empty( $query_vars['posts_per_rss'] ) ) { $query_vars['posts_per_page'] = $query_vars['posts_per_rss']; } else { $query_vars['posts_per_page'] = get_option( 'posts_per_rss' ); } $query_vars['nopaging'] = false; } $query_vars['posts_per_page'] = (int) $query_vars['posts_per_page']; if ( $query_vars['posts_per_page'] < -1 ) { $query_vars['posts_per_page'] = abs( $query_vars['posts_per_page'] ); } elseif ( 0 === $query_vars['posts_per_page'] ) { $query_vars['posts_per_page'] = 1; } if ( ! isset( $query_vars['comments_per_page'] ) || 0 == $query_vars['comments_per_page'] ) { $query_vars['comments_per_page'] = get_option( 'comments_per_page' ); } if ( $this->is_home && ( empty( $this->query ) || 'true' === $query_vars['preview'] ) && ( 'page' === get_option( 'show_on_front' ) ) && get_option( 'page_on_front' ) ) { $this->is_page = true; $this->is_home = false; $query_vars['page_id'] = get_option( 'page_on_front' ); } if ( isset( $query_vars['page'] ) ) { $query_vars['page'] = is_scalar( $query_vars['page'] ) ? absint( trim( $query_vars['page'], '/' ) ) : 0; } // If true, forcibly turns off SQL_CALC_FOUND_ROWS even when limits are present. if ( isset( $query_vars['no_found_rows'] ) ) { $query_vars['no_found_rows'] = (bool) $query_vars['no_found_rows']; } else { $query_vars['no_found_rows'] = false; } switch ( $query_vars['fields'] ) { case 'ids': $fields = "{$wpdb->posts}.ID"; break; case 'id=>parent': $fields = "{$wpdb->posts}.ID, {$wpdb->posts}.post_parent"; break; case '': /* * Set the default to 'all'. * * This is used in `WP_Query::the_post` to determine if the * entire post object has been queried. */ $query_vars['fields'] = 'all'; // Falls through. default: $fields = "{$wpdb->posts}.*"; } if ( '' !== $query_vars['menu_order'] ) { $where .= " AND {$wpdb->posts}.menu_order = " . $query_vars['menu_order']; } // The "m" parameter is meant for months but accepts datetimes of varying specificity. if ( $query_vars['m'] ) { $where .= " AND YEAR({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 0, 4 ); if ( strlen( $query_vars['m'] ) > 5 ) { $where .= " AND MONTH({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 4, 2 ); } if ( strlen( $query_vars['m'] ) > 7 ) { $where .= " AND DAYOFMONTH({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 6, 2 ); } if ( strlen( $query_vars['m'] ) > 9 ) { $where .= " AND HOUR({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 8, 2 ); } if ( strlen( $query_vars['m'] ) > 11 ) { $where .= " AND MINUTE({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 10, 2 ); } if ( strlen( $query_vars['m'] ) > 13 ) { $where .= " AND SECOND({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 12, 2 ); } } // Handle the other individual date parameters. $date_parameters = array(); if ( '' !== $query_vars['hour'] ) { $date_parameters['hour'] = $query_vars['hour']; } if ( '' !== $query_vars['minute'] ) { $date_parameters['minute'] = $query_vars['minute']; } if ( '' !== $query_vars['second'] ) { $date_parameters['second'] = $query_vars['second']; } if ( $query_vars['year'] ) { $date_parameters['year'] = $query_vars['year']; } if ( $query_vars['monthnum'] ) { $date_parameters['monthnum'] = $query_vars['monthnum']; } if ( $query_vars['w'] ) { $date_parameters['week'] = $query_vars['w']; } if ( $query_vars['day'] ) { $date_parameters['day'] = $query_vars['day']; } if ( $date_parameters ) { $date_query = new WP_Date_Query( array( $date_parameters ) ); $where .= $date_query->get_sql(); } unset( $date_parameters, $date_query ); // Handle complex date queries. if ( ! empty( $query_vars['date_query'] ) ) { $this->date_query = new WP_Date_Query( $query_vars['date_query'] ); $where .= $this->date_query->get_sql(); } // If we've got a post_type AND it's not "any" post_type. if ( ! empty( $query_vars['post_type'] ) && 'any' !== $query_vars['post_type'] ) { foreach ( (array) $query_vars['post_type'] as $_post_type ) { $ptype_obj = get_post_type_object( $_post_type ); if ( ! $ptype_obj || ! $ptype_obj->query_var || empty( $query_vars[ $ptype_obj->query_var ] ) ) { continue; } if ( ! $ptype_obj->hierarchical ) { // Non-hierarchical post types can directly use 'name'. $query_vars['name'] = $query_vars[ $ptype_obj->query_var ]; } else { // Hierarchical post types will operate through 'pagename'. $query_vars['pagename'] = $query_vars[ $ptype_obj->query_var ]; $query_vars['name'] = ''; } // Only one request for a slug is possible, this is why name & pagename are overwritten above. break; } // End foreach. unset( $ptype_obj ); } if ( '' !== $query_vars['title'] ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_title = %s", stripslashes( $query_vars['title'] ) ); } // Parameters related to 'post_name'. if ( '' !== $query_vars['name'] ) { $query_vars['name'] = sanitize_title_for_query( $query_vars['name'] ); $where .= " AND {$wpdb->posts}.post_name = '" . $query_vars['name'] . "'"; } elseif ( '' !== $query_vars['pagename'] ) { if ( isset( $this->queried_object_id ) ) { $reqpage = $this->queried_object_id; } else { if ( 'page' !== $query_vars['post_type'] ) { foreach ( (array) $query_vars['post_type'] as $_post_type ) { $ptype_obj = get_post_type_object( $_post_type ); if ( ! $ptype_obj || ! $ptype_obj->hierarchical ) { continue; } $reqpage = get_page_by_path( $query_vars['pagename'], OBJECT, $_post_type ); if ( $reqpage ) { break; } } unset( $ptype_obj ); } else { $reqpage = get_page_by_path( $query_vars['pagename'] ); } if ( ! empty( $reqpage ) ) { $reqpage = $reqpage->ID; } else { $reqpage = 0; } } $page_for_posts = get_option( 'page_for_posts' ); if ( ( 'page' !== get_option( 'show_on_front' ) ) || empty( $page_for_posts ) || ( $reqpage != $page_for_posts ) ) { $query_vars['pagename'] = sanitize_title_for_query( wp_basename( $query_vars['pagename'] ) ); $query_vars['name'] = $query_vars['pagename']; $where .= " AND ({$wpdb->posts}.ID = '$reqpage')"; $reqpage_obj = get_post( $reqpage ); if ( is_object( $reqpage_obj ) && 'attachment' === $reqpage_obj->post_type ) { $this->is_attachment = true; $post_type = 'attachment'; $query_vars['post_type'] = 'attachment'; $this->is_page = true; $query_vars['attachment_id'] = $reqpage; } } } elseif ( '' !== $query_vars['attachment'] ) { $query_vars['attachment'] = sanitize_title_for_query( wp_basename( $query_vars['attachment'] ) ); $query_vars['name'] = $query_vars['attachment']; $where .= " AND {$wpdb->posts}.post_name = '" . $query_vars['attachment'] . "'"; } elseif ( is_array( $query_vars['post_name__in'] ) && ! empty( $query_vars['post_name__in'] ) ) { $query_vars['post_name__in'] = array_map( 'sanitize_title_for_query', $query_vars['post_name__in'] ); // Duplicate array before sorting to allow for the orderby clause. $post_name__in_for_where = array_unique( $query_vars['post_name__in'] ); sort( $post_name__in_for_where ); $post_name__in = "'" . implode( "','", $post_name__in_for_where ) . "'"; $where .= " AND {$wpdb->posts}.post_name IN ($post_name__in)"; } // If an attachment is requested by number, let it supersede any post number. if ( $query_vars['attachment_id'] ) { $query_vars['p'] = absint( $query_vars['attachment_id'] ); } // If a post number is specified, load that post. if ( $query_vars['p'] ) { $where .= " AND {$wpdb->posts}.ID = " . $query_vars['p']; } elseif ( $query_vars['post__in'] ) { // Duplicate array before sorting to allow for the orderby clause. $post__in_for_where = $query_vars['post__in']; $post__in_for_where = array_unique( array_map( 'absint', $post__in_for_where ) ); sort( $post__in_for_where ); $post__in = implode( ',', array_map( 'absint', $post__in_for_where ) ); $where .= " AND {$wpdb->posts}.ID IN ($post__in)"; } elseif ( $query_vars['post__not_in'] ) { sort( $query_vars['post__not_in'] ); $post__not_in = implode( ',', array_map( 'absint', $query_vars['post__not_in'] ) ); $where .= " AND {$wpdb->posts}.ID NOT IN ($post__not_in)"; } if ( is_numeric( $query_vars['post_parent'] ) ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_parent = %d ", $query_vars['post_parent'] ); } elseif ( $query_vars['post_parent__in'] ) { // Duplicate array before sorting to allow for the orderby clause. $post_parent__in_for_where = $query_vars['post_parent__in']; $post_parent__in_for_where = array_unique( array_map( 'absint', $post_parent__in_for_where ) ); sort( $post_parent__in_for_where ); $post_parent__in = implode( ',', array_map( 'absint', $post_parent__in_for_where ) ); $where .= " AND {$wpdb->posts}.post_parent IN ($post_parent__in)"; } elseif ( $query_vars['post_parent__not_in'] ) { sort( $query_vars['post_parent__not_in'] ); $post_parent__not_in = implode( ',', array_map( 'absint', $query_vars['post_parent__not_in'] ) ); $where .= " AND {$wpdb->posts}.post_parent NOT IN ($post_parent__not_in)"; } if ( $query_vars['page_id'] ) { if ( ( 'page' !== get_option( 'show_on_front' ) ) || ( get_option( 'page_for_posts' ) != $query_vars['page_id'] ) ) { $query_vars['p'] = $query_vars['page_id']; $where = " AND {$wpdb->posts}.ID = " . $query_vars['page_id']; } } // If a search pattern is specified, load the posts that match. if ( strlen( $query_vars['s'] ) ) { $search = $this->parse_search( $query_vars ); } if ( ! $query_vars['suppress_filters'] ) { /** * Filters the search SQL that is used in the WHERE clause of WP_Query. * * @since 3.0.0 * * @param string $search Search SQL for WHERE clause. * @param WP_Query $query The current WP_Query object. */ $search = apply_filters_ref_array( 'posts_search', array( $search, &$this ) ); } // Taxonomies. if ( ! $this->is_singular ) { $this->parse_tax_query( $query_vars ); $clauses = $this->tax_query->get_sql( $wpdb->posts, 'ID' ); $join .= $clauses['join']; $where .= $clauses['where']; } if ( $this->is_tax ) { if ( empty( $post_type ) ) { // Do a fully inclusive search for currently registered post types of queried taxonomies. $post_type = array(); $taxonomies = array_keys( $this->tax_query->queried_terms ); foreach ( get_post_types( array( 'exclude_from_search' => false ) ) as $pt ) { $object_taxonomies = 'attachment' === $pt ? get_taxonomies_for_attachments() : get_object_taxonomies( $pt ); if ( array_intersect( $taxonomies, $object_taxonomies ) ) { $post_type[] = $pt; } } if ( ! $post_type ) { $post_type = 'any'; } elseif ( count( $post_type ) === 1 ) { $post_type = $post_type[0]; } else { // Sort post types to ensure same cache key generation. sort( $post_type ); } $post_status_join = true; } elseif ( in_array( 'attachment', (array) $post_type, true ) ) { $post_status_join = true; } } /* * Ensure that 'taxonomy', 'term', 'term_id', 'cat', and * 'category_name' vars are set for backward compatibility. */ if ( ! empty( $this->tax_query->queried_terms ) ) { /* * Set 'taxonomy', 'term', and 'term_id' to the * first taxonomy other than 'post_tag' or 'category'. */ if ( ! isset( $query_vars['taxonomy'] ) ) { foreach ( $this->tax_query->queried_terms as $queried_taxonomy => $queried_items ) { if ( empty( $queried_items['terms'][0] ) ) { continue; } if ( ! in_array( $queried_taxonomy, array( 'category', 'post_tag' ), true ) ) { $query_vars['taxonomy'] = $queried_taxonomy; if ( 'slug' === $queried_items['field'] ) { $query_vars['term'] = $queried_items['terms'][0]; } else { $query_vars['term_id'] = $queried_items['terms'][0]; } // Take the first one we find. break; } } } // 'cat', 'category_name', 'tag_id'. foreach ( $this->tax_query->queried_terms as $queried_taxonomy => $queried_items ) { if ( empty( $queried_items['terms'][0] ) ) { continue; } if ( 'category' === $queried_taxonomy ) { $the_cat = get_term_by( $queried_items['field'], $queried_items['terms'][0], 'category' ); if ( $the_cat ) { $this->set( 'cat', $the_cat->term_id ); $this->set( 'category_name', $the_cat->slug ); } unset( $the_cat ); } if ( 'post_tag' === $queried_taxonomy ) { $the_tag = get_term_by( $queried_items['field'], $queried_items['terms'][0], 'post_tag' ); if ( $the_tag ) { $this->set( 'tag_id', $the_tag->term_id ); } unset( $the_tag ); } } } if ( ! empty( $this->tax_query->queries ) || ! empty( $this->meta_query->queries ) || ! empty( $this->allow_query_attachment_by_filename ) ) { $groupby = "{$wpdb->posts}.ID"; } // Author/user stuff. if ( ! empty( $query_vars['author'] ) && '0' != $query_vars['author'] ) { $query_vars['author'] = addslashes_gpc( '' . urldecode( $query_vars['author'] ) ); $authors = array_unique( array_map( 'intval', preg_split( '/[,\s]+/', $query_vars['author'] ) ) ); sort( $authors ); foreach ( $authors as $author ) { $key = $author > 0 ? 'author__in' : 'author__not_in'; $query_vars[ $key ][] = abs( $author ); } $query_vars['author'] = implode( ',', $authors ); } if ( ! empty( $query_vars['author__not_in'] ) ) { if ( is_array( $query_vars['author__not_in'] ) ) { $query_vars['author__not_in'] = array_unique( array_map( 'absint', $query_vars['author__not_in'] ) ); sort( $query_vars['author__not_in'] ); } $author__not_in = implode( ',', (array) $query_vars['author__not_in'] ); $where .= " AND {$wpdb->posts}.post_author NOT IN ($author__not_in) "; } elseif ( ! empty( $query_vars['author__in'] ) ) { if ( is_array( $query_vars['author__in'] ) ) { $query_vars['author__in'] = array_unique( array_map( 'absint', $query_vars['author__in'] ) ); sort( $query_vars['author__in'] ); } $author__in = implode( ',', array_map( 'absint', array_unique( (array) $query_vars['author__in'] ) ) ); $where .= " AND {$wpdb->posts}.post_author IN ($author__in) "; } // Author stuff for nice URLs. if ( '' !== $query_vars['author_name'] ) { if ( str_contains( $query_vars['author_name'], '/' ) ) { $query_vars['author_name'] = explode( '/', $query_vars['author_name'] ); if ( $query_vars['author_name'][ count( $query_vars['author_name'] ) - 1 ] ) { $query_vars['author_name'] = $query_vars['author_name'][ count( $query_vars['author_name'] ) - 1 ]; // No trailing slash. } else { $query_vars['author_name'] = $query_vars['author_name'][ count( $query_vars['author_name'] ) - 2 ]; // There was a trailing slash. } } $query_vars['author_name'] = sanitize_title_for_query( $query_vars['author_name'] ); $query_vars['author'] = get_user_by( 'slug', $query_vars['author_name'] ); if ( $query_vars['author'] ) { $query_vars['author'] = $query_vars['author']->ID; } $whichauthor .= " AND ({$wpdb->posts}.post_author = " . absint( $query_vars['author'] ) . ')'; } // Matching by comment count. if ( isset( $query_vars['comment_count'] ) ) { // Numeric comment count is converted to array format. if ( is_numeric( $query_vars['comment_count'] ) ) { $query_vars['comment_count'] = array( 'value' => (int) $query_vars['comment_count'], ); } if ( isset( $query_vars['comment_count']['value'] ) ) { $query_vars['comment_count'] = array_merge( array( 'compare' => '=', ), $query_vars['comment_count'] ); // Fallback for invalid compare operators is '='. $compare_operators = array( '=', '!=', '>', '>=', '<', '<=' ); if ( ! in_array( $query_vars['comment_count']['compare'], $compare_operators, true ) ) { $query_vars['comment_count']['compare'] = '='; } $where .= $wpdb->prepare( " AND {$wpdb->posts}.comment_count {$query_vars['comment_count']['compare']} %d", $query_vars['comment_count']['value'] ); } } // MIME-Type stuff for attachment browsing. if ( isset( $query_vars['post_mime_type'] ) && '' !== $query_vars['post_mime_type'] ) { $whichmimetype = wp_post_mime_type_where( $query_vars['post_mime_type'], $wpdb->posts ); } $where .= $search . $whichauthor . $whichmimetype; if ( ! empty( $this->allow_query_attachment_by_filename ) ) { $join .= " LEFT JOIN {$wpdb->postmeta} AS sq1 ON ( {$wpdb->posts}.ID = sq1.post_id AND sq1.meta_key = '_wp_attached_file' )"; } if ( ! empty( $this->meta_query->queries ) ) { $clauses = $this->meta_query->get_sql( 'post', $wpdb->posts, 'ID', $this ); $join .= $clauses['join']; $where .= $clauses['where']; } $rand = ( isset( $query_vars['orderby'] ) && 'rand' === $query_vars['orderby'] ); if ( ! isset( $query_vars['order'] ) ) { $query_vars['order'] = $rand ? '' : 'DESC'; } else { $query_vars['order'] = $rand ? '' : $this->parse_order( $query_vars['order'] ); } // These values of orderby should ignore the 'order' parameter. $force_asc = array( 'post__in', 'post_name__in', 'post_parent__in' ); if ( isset( $query_vars['orderby'] ) && in_array( $query_vars['orderby'], $force_asc, true ) ) { $query_vars['order'] = ''; } // Order by. if ( empty( $query_vars['orderby'] ) ) { /* * Boolean false or empty array blanks out ORDER BY, * while leaving the value unset or otherwise empty sets the default. */ if ( isset( $query_vars['orderby'] ) && ( is_array( $query_vars['orderby'] ) || false === $query_vars['orderby'] ) ) { $orderby = ''; } else { $orderby = "{$wpdb->posts}.post_date " . $query_vars['order']; } } elseif ( 'none' === $query_vars['orderby'] ) { $orderby = ''; } else { $orderby_array = array(); if ( is_array( $query_vars['orderby'] ) ) { foreach ( $query_vars['orderby'] as $_orderby => $order ) { $orderby = addslashes_gpc( urldecode( $_orderby ) ); $parsed = $this->parse_orderby( $orderby ); if ( ! $parsed ) { continue; } $orderby_array[] = $parsed . ' ' . $this->parse_order( $order ); } $orderby = implode( ', ', $orderby_array ); } else { $query_vars['orderby'] = urldecode( $query_vars['orderby'] ); $query_vars['orderby'] = addslashes_gpc( $query_vars['orderby'] ); foreach ( explode( ' ', $query_vars['orderby'] ) as $i => $orderby ) { $parsed = $this->parse_orderby( $orderby ); // Only allow certain values for safety. if ( ! $parsed ) { continue; } $orderby_array[] = $parsed; } $orderby = implode( ' ' . $query_vars['order'] . ', ', $orderby_array ); if ( empty( $orderby ) ) { $orderby = "{$wpdb->posts}.post_date " . $query_vars['order']; } elseif ( ! empty( $query_vars['order'] ) ) { $orderby .= " {$query_vars['order']}"; } } } // Order search results by relevance only when another "orderby" is not specified in the query. if ( ! empty( $query_vars['s'] ) ) { $search_orderby = ''; if ( ! empty( $query_vars['search_orderby_title'] ) && ( empty( $query_vars['orderby'] ) && ! $this->is_feed ) || ( isset( $query_vars['orderby'] ) && 'relevance' === $query_vars['orderby'] ) ) { $search_orderby = $this->parse_search_order( $query_vars ); } if ( ! $query_vars['suppress_filters'] ) { /** * Filters the ORDER BY used when ordering search results. * * @since 3.7.0 * * @param string $search_orderby The ORDER BY clause. * @param WP_Query $query The current WP_Query instance. */ $search_orderby = apply_filters( 'posts_search_orderby', $search_orderby, $this ); } if ( $search_orderby ) { $orderby = $orderby ? $search_orderby . ', ' . $orderby : $search_orderby; } } if ( is_array( $post_type ) && count( $post_type ) > 1 ) { $post_type_cap = 'multiple_post_type'; } else { if ( is_array( $post_type ) ) { $post_type = reset( $post_type ); } $post_type_object = get_post_type_object( $post_type ); if ( empty( $post_type_object ) ) { $post_type_cap = $post_type; } } if ( isset( $query_vars['post_password'] ) ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_password = %s", $query_vars['post_password'] ); if ( empty( $query_vars['perm'] ) ) { $query_vars['perm'] = 'readable'; } } elseif ( isset( $query_vars['has_password'] ) ) { $where .= sprintf( " AND {$wpdb->posts}.post_password %s ''", $query_vars['has_password'] ? '!=' : '=' ); } if ( ! empty( $query_vars['comment_status'] ) ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.comment_status = %s ", $query_vars['comment_status'] ); } if ( ! empty( $query_vars['ping_status'] ) ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.ping_status = %s ", $query_vars['ping_status'] ); } $skip_post_status = false; if ( 'any' === $post_type ) { $in_search_post_types = get_post_types( array( 'exclude_from_search' => false ) ); if ( empty( $in_search_post_types ) ) { $post_type_where = ' AND 1=0 '; $skip_post_status = true; } else { $post_type_where = " AND {$wpdb->posts}.post_type IN ('" . implode( "', '", array_map( 'esc_sql', $in_search_post_types ) ) . "')"; } } elseif ( ! empty( $post_type ) && is_array( $post_type ) ) { // Sort post types to ensure same cache key generation. sort( $post_type ); $post_type_where = " AND {$wpdb->posts}.post_type IN ('" . implode( "', '", esc_sql( $post_type ) ) . "')"; } elseif ( ! empty( $post_type ) ) { $post_type_where = $wpdb->prepare( " AND {$wpdb->posts}.post_type = %s", $post_type ); $post_type_object = get_post_type_object( $post_type ); } elseif ( $this->is_attachment ) { $post_type_where = " AND {$wpdb->posts}.post_type = 'attachment'"; $post_type_object = get_post_type_object( 'attachment' ); } elseif ( $this->is_page ) { $post_type_where = " AND {$wpdb->posts}.post_type = 'page'"; $post_type_object = get_post_type_object( 'page' ); } else { $post_type_where = " AND {$wpdb->posts}.post_type = 'post'"; $post_type_object = get_post_type_object( 'post' ); } $edit_cap = 'edit_post'; $read_cap = 'read_post'; if ( ! empty( $post_type_object ) ) { $edit_others_cap = $post_type_object->cap->edit_others_posts; $read_private_cap = $post_type_object->cap->read_private_posts; } else { $edit_others_cap = 'edit_others_' . $post_type_cap . 's'; $read_private_cap = 'read_private_' . $post_type_cap . 's'; } $user_id = get_current_user_id(); $q_status = array(); if ( $skip_post_status ) { $where .= $post_type_where; } elseif ( ! empty( $query_vars['post_status'] ) ) { $where .= $post_type_where; $statuswheres = array(); $q_status = $query_vars['post_status']; if ( ! is_array( $q_status ) ) { $q_status = explode( ',', $q_status ); } sort( $q_status ); $r_status = array(); $p_status = array(); $e_status = array(); if ( in_array( 'any', $q_status, true ) ) { foreach ( get_post_stati( array( 'exclude_from_search' => true ) ) as $status ) { if ( ! in_array( $status, $q_status, true ) ) { $e_status[] = "{$wpdb->posts}.post_status <> '$status'"; } } } else { foreach ( get_post_stati() as $status ) { if ( in_array( $status, $q_status, true ) ) { if ( 'private' === $status ) { $p_status[] = "{$wpdb->posts}.post_status = '$status'"; } else { $r_status[] = "{$wpdb->posts}.post_status = '$status'"; } } } } if ( empty( $query_vars['perm'] ) || 'readable' !== $query_vars['perm'] ) { $r_status = array_merge( $r_status, $p_status ); unset( $p_status ); } if ( ! empty( $e_status ) ) { $statuswheres[] = '(' . implode( ' AND ', $e_status ) . ')'; } if ( ! empty( $r_status ) ) { if ( ! empty( $query_vars['perm'] ) && 'editable' === $query_vars['perm'] && ! current_user_can( $edit_others_cap ) ) { $statuswheres[] = "({$wpdb->posts}.post_author = $user_id " . 'AND (' . implode( ' OR ', $r_status ) . '))'; } else { $statuswheres[] = '(' . implode( ' OR ', $r_status ) . ')'; } } if ( ! empty( $p_status ) ) { if ( ! empty( $query_vars['perm'] ) && 'readable' === $query_vars['perm'] && ! current_user_can( $read_private_cap ) ) { $statuswheres[] = "({$wpdb->posts}.post_author = $user_id " . 'AND (' . implode( ' OR ', $p_status ) . '))'; } else { $statuswheres[] = '(' . implode( ' OR ', $p_status ) . ')'; } } if ( $post_status_join ) { $join .= " LEFT JOIN {$wpdb->posts} AS p2 ON ({$wpdb->posts}.post_parent = p2.ID) "; foreach ( $statuswheres as $index => $statuswhere ) { $statuswheres[ $index ] = "($statuswhere OR ({$wpdb->posts}.post_status = 'inherit' AND " . str_replace( $wpdb->posts, 'p2', $statuswhere ) . '))'; } } $where_status = implode( ' OR ', $statuswheres ); if ( ! empty( $where_status ) ) { $where .= " AND ($where_status)"; } } elseif ( ! $this->is_singular ) { if ( 'any' === $post_type ) { $queried_post_types = get_post_types( array( 'exclude_from_search' => false ) ); } elseif ( is_array( $post_type ) ) { $queried_post_types = $post_type; } elseif ( ! empty( $post_type ) ) { $queried_post_types = array( $post_type ); } else { $queried_post_types = array( 'post' ); } if ( ! empty( $queried_post_types ) ) { sort( $queried_post_types ); $status_type_clauses = array(); foreach ( $queried_post_types as $queried_post_type ) { $queried_post_type_object = get_post_type_object( $queried_post_type ); $type_where = '(' . $wpdb->prepare( "{$wpdb->posts}.post_type = %s AND (", $queried_post_type ); // Public statuses. $public_statuses = get_post_stati( array( 'public' => true ) ); $status_clauses = array(); foreach ( $public_statuses as $public_status ) { $status_clauses[] = "{$wpdb->posts}.post_status = '$public_status'"; } $type_where .= implode( ' OR ', $status_clauses ); // Add protected states that should show in the admin all list. if ( $this->is_admin ) { $admin_all_statuses = get_post_stati( array( 'protected' => true, 'show_in_admin_all_list' => true, ) ); foreach ( $admin_all_statuses as $admin_all_status ) { $type_where .= " OR {$wpdb->posts}.post_status = '$admin_all_status'"; } } // Add private states that are visible to current user. if ( is_user_logged_in() && $queried_post_type_object instanceof WP_Post_Type ) { $read_private_cap = $queried_post_type_object->cap->read_private_posts; $private_statuses = get_post_stati( array( 'private' => true ) ); foreach ( $private_statuses as $private_status ) { $type_where .= current_user_can( $read_private_cap ) ? " \nOR {$wpdb->posts}.post_status = '$private_status'" : " \nOR ({$wpdb->posts}.post_author = $user_id AND {$wpdb->posts}.post_status = '$private_status')"; } } $type_where .= '))'; $status_type_clauses[] = $type_where; } if ( ! empty( $status_type_clauses ) ) { $where .= ' AND (' . implode( ' OR ', $status_type_clauses ) . ')'; } } else { $where .= ' AND 1=0 '; } } else { $where .= $post_type_where; } /* * Apply filters on where and join prior to paging so that any * manipulations to them are reflected in the paging by day queries. */ if ( ! $query_vars['suppress_filters'] ) { /** * Filters the WHERE clause of the query. * * @since 1.5.0 * * @param string $where The WHERE clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $where = apply_filters_ref_array( 'posts_where', array( $where, &$this ) ); /** * Filters the JOIN clause of the query. * * @since 1.5.0 * * @param string $join The JOIN clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $join = apply_filters_ref_array( 'posts_join', array( $join, &$this ) ); } // Paging. if ( empty( $query_vars['nopaging'] ) && ! $this->is_singular ) { $page = absint( $query_vars['paged'] ); if ( ! $page ) { $page = 1; } // If 'offset' is provided, it takes precedence over 'paged'. if ( isset( $query_vars['offset'] ) && is_numeric( $query_vars['offset'] ) ) { $query_vars['offset'] = absint( $query_vars['offset'] ); $pgstrt = $query_vars['offset'] . ', '; } else { $pgstrt = absint( ( $page - 1 ) * $query_vars['posts_per_page'] ) . ', '; } $limits = 'LIMIT ' . $pgstrt . $query_vars['posts_per_page']; } // Comments feeds. if ( $this->is_comment_feed && ! $this->is_singular ) { if ( $this->is_archive || $this->is_search ) { $cjoin = "JOIN {$wpdb->posts} ON ( {$wpdb->comments}.comment_post_ID = {$wpdb->posts}.ID ) $join "; $cwhere = "WHERE comment_approved = '1' $where"; $cgroupby = "{$wpdb->comments}.comment_id"; } else { // Other non-singular, e.g. front. $cjoin = "JOIN {$wpdb->posts} ON ( {$wpdb->comments}.comment_post_ID = {$wpdb->posts}.ID )"; $cwhere = "WHERE ( post_status = 'publish' OR ( post_status = 'inherit' AND post_type = 'attachment' ) ) AND comment_approved = '1'"; $cgroupby = ''; } if ( ! $query_vars['suppress_filters'] ) { /** * Filters the JOIN clause of the comments feed query before sending. * * @since 2.2.0 * * @param string $cjoin The JOIN clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $cjoin = apply_filters_ref_array( 'comment_feed_join', array( $cjoin, &$this ) ); /** * Filters the WHERE clause of the comments feed query before sending. * * @since 2.2.0 * * @param string $cwhere The WHERE clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $cwhere = apply_filters_ref_array( 'comment_feed_where', array( $cwhere, &$this ) ); /** * Filters the GROUP BY clause of the comments feed query before sending. * * @since 2.2.0 * * @param string $cgroupby The GROUP BY clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $cgroupby = apply_filters_ref_array( 'comment_feed_groupby', array( $cgroupby, &$this ) ); /** * Filters the ORDER BY clause of the comments feed query before sending. * * @since 2.8.0 * * @param string $corderby The ORDER BY clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $corderby = apply_filters_ref_array( 'comment_feed_orderby', array( 'comment_date_gmt DESC', &$this ) ); /** * Filters the LIMIT clause of the comments feed query before sending. * * @since 2.8.0 * * @param string $climits The JOIN clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $climits = apply_filters_ref_array( 'comment_feed_limits', array( 'LIMIT ' . get_option( 'posts_per_rss' ), &$this ) ); } $cgroupby = ( ! empty( $cgroupby ) ) ? 'GROUP BY ' . $cgroupby : ''; $corderby = ( ! empty( $corderby ) ) ? 'ORDER BY ' . $corderby : ''; $climits = ( ! empty( $climits ) ) ? $climits : ''; $comments_request = "SELECT $distinct {$wpdb->comments}.comment_ID FROM {$wpdb->comments} $cjoin $cwhere $cgroupby $corderby $climits"; $key = md5( $comments_request ); $last_changed = array( wp_cache_get_last_changed( 'comment' ), wp_cache_get_last_changed( 'posts' ), ); $cache_key = "comment_feed:$key"; $comment_ids = wp_cache_get_salted( $cache_key, 'comment-queries', $last_changed ); if ( false === $comment_ids ) { $comment_ids = $wpdb->get_col( $comments_request ); wp_cache_set_salted( $cache_key, $comment_ids, 'comment-queries', $last_changed ); } _prime_comment_caches( $comment_ids ); // Convert to WP_Comment. /** @var WP_Comment[] */ $this->comments = array_map( 'get_comment', $comment_ids ); $this->comment_count = count( $this->comments ); $post_ids = array(); foreach ( $this->comments as $comment ) { $post_ids[] = (int) $comment->comment_post_ID; } $post_ids = implode( ',', $post_ids ); $join = ''; if ( $post_ids ) { $where = "AND {$wpdb->posts}.ID IN ($post_ids) "; } else { $where = 'AND 0'; } } $pieces = array( 'where', 'groupby', 'join', 'orderby', 'distinct', 'fields', 'limits' ); /* * Apply post-paging filters on where and join. Only plugins that * manipulate paging queries should use these hooks. */ if ( ! $query_vars['suppress_filters'] ) { /** * Filters the WHERE clause of the query. * * Specifically for manipulating paging queries. * * @since 1.5.0 * * @param string $where The WHERE clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $where = apply_filters_ref_array( 'posts_where_paged', array( $where, &$this ) ); /** * Filters the GROUP BY clause of the query. * * @since 2.0.0 * * @param string $groupby The GROUP BY clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $groupby = apply_filters_ref_array( 'posts_groupby', array( $groupby, &$this ) ); /** * Filters the JOIN clause of the query. * * Specifically for manipulating paging queries. * * @since 1.5.0 * * @param string $join The JOIN clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $join = apply_filters_ref_array( 'posts_join_paged', array( $join, &$this ) ); /** * Filters the ORDER BY clause of the query. * * @since 1.5.1 * * @param string $orderby The ORDER BY clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $orderby = apply_filters_ref_array( 'posts_orderby', array( $orderby, &$this ) ); /** * Filters the DISTINCT clause of the query. * * @since 2.1.0 * * @param string $distinct The DISTINCT clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $distinct = apply_filters_ref_array( 'posts_distinct', array( $distinct, &$this ) ); /** * Filters the LIMIT clause of the query. * * @since 2.1.0 * * @param string $limits The LIMIT clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $limits = apply_filters_ref_array( 'post_limits', array( $limits, &$this ) ); /** * Filters the SELECT clause of the query. * * @since 2.1.0 * * @param string $fields The SELECT clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $fields = apply_filters_ref_array( 'posts_fields', array( $fields, &$this ) ); /** * Filters all query clauses at once, for convenience. * * Covers the WHERE, GROUP BY, JOIN, ORDER BY, DISTINCT, * fields (SELECT), and LIMIT clauses. * * @since 3.1.0 * * @param string[] $clauses { * Associative array of the clauses for the query. * * @type string $where The WHERE clause of the query. * @type string $groupby The GROUP BY clause of the query. * @type string $join The JOIN clause of the query. * @type string $orderby The ORDER BY clause of the query. * @type string $distinct The DISTINCT clause of the query. * @type string $fields The SELECT clause of the query. * @type string $limits The LIMIT clause of the query. * } * @param WP_Query $query The WP_Query instance (passed by reference). */ $clauses = (array) apply_filters_ref_array( 'posts_clauses', array( compact( $pieces ), &$this ) ); $where = isset( $clauses['where'] ) ? $clauses['where'] : ''; $groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : ''; $join = isset( $clauses['join'] ) ? $clauses['join'] : ''; $orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : ''; $distinct = isset( $clauses['distinct'] ) ? $clauses['distinct'] : ''; $fields = isset( $clauses['fields'] ) ? $clauses['fields'] : ''; $limits = isset( $clauses['limits'] ) ? $clauses['limits'] : ''; } /** * Fires to announce the query's current selection parameters. * * For use by caching plugins. * * @since 2.3.0 * * @param string $selection The assembled selection query. */ do_action( 'posts_selection', $where . $groupby . $orderby . $limits . $join ); /* * Filters again for the benefit of caching plugins. * Regular plugins should use the hooks above. */ if ( ! $query_vars['suppress_filters'] ) { /** * Filters the WHERE clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $where The WHERE clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $where = apply_filters_ref_array( 'posts_where_request', array( $where, &$this ) ); /** * Filters the GROUP BY clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $groupby The GROUP BY clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $groupby = apply_filters_ref_array( 'posts_groupby_request', array( $groupby, &$this ) ); /** * Filters the JOIN clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $join The JOIN clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $join = apply_filters_ref_array( 'posts_join_request', array( $join, &$this ) ); /** * Filters the ORDER BY clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $orderby The ORDER BY clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $orderby = apply_filters_ref_array( 'posts_orderby_request', array( $orderby, &$this ) ); /** * Filters the DISTINCT clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $distinct The DISTINCT clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $distinct = apply_filters_ref_array( 'posts_distinct_request', array( $distinct, &$this ) ); /** * Filters the SELECT clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $fields The SELECT clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $fields = apply_filters_ref_array( 'posts_fields_request', array( $fields, &$this ) ); /** * Filters the LIMIT clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $limits The LIMIT clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $limits = apply_filters_ref_array( 'post_limits_request', array( $limits, &$this ) ); /** * Filters all query clauses at once, for convenience. * * For use by caching plugins. * * Covers the WHERE, GROUP BY, JOIN, ORDER BY, DISTINCT, * fields (SELECT), and LIMIT clauses. * * @since 3.1.0 * * @param string[] $clauses { * Associative array of the clauses for the query. * * @type string $where The WHERE clause of the query. * @type string $groupby The GROUP BY clause of the query. * @type string $join The JOIN clause of the query. * @type string $orderby The ORDER BY clause of the query. * @type string $distinct The DISTINCT clause of the query. * @type string $fields The SELECT clause of the query. * @type string $limits The LIMIT clause of the query. * } * @param WP_Query $query The WP_Query instance (passed by reference). */ $clauses = (array) apply_filters_ref_array( 'posts_clauses_request', array( compact( $pieces ), &$this ) ); $where = isset( $clauses['where'] ) ? $clauses['where'] : ''; $groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : ''; $join = isset( $clauses['join'] ) ? $clauses['join'] : ''; $orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : ''; $distinct = isset( $clauses['distinct'] ) ? $clauses['distinct'] : ''; $fields = isset( $clauses['fields'] ) ? $clauses['fields'] : ''; $limits = isset( $clauses['limits'] ) ? $clauses['limits'] : ''; } if ( ! empty( $groupby ) ) { $groupby = 'GROUP BY ' . $groupby; } if ( ! empty( $orderby ) ) { $orderby = 'ORDER BY ' . $orderby; } $found_rows = ''; if ( ! $query_vars['no_found_rows'] && ! empty( $limits ) ) { $found_rows = 'SQL_CALC_FOUND_ROWS'; } /* * Beginning of the string is on a new line to prevent leading whitespace. * * The additional indentation of subsequent lines is to ensure the SQL * queries are identical to those generated when splitting queries. This * improves caching of the query by ensuring the same cache key is * generated for the same database queries functionally. * * See https://core.trac.wordpress.org/ticket/56841. * See https://github.com/WordPress/wordpress-develop/pull/6393#issuecomment-2088217429 */ $old_request = "SELECT $found_rows $distinct $fields FROM {$wpdb->posts} $join WHERE 1=1 $where $groupby $orderby $limits"; $this->request = $old_request; if ( ! $query_vars['suppress_filters'] ) { /** * Filters the completed SQL query before sending. * * @since 2.0.0 * * @param string $request The complete SQL query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $this->request = apply_filters_ref_array( 'posts_request', array( $this->request, &$this ) ); } /** * Filters the posts array before the query takes place. * * Return a non-null value to bypass WordPress' default post queries. * * Filtering functions that require pagination information are encouraged to set * the `found_posts` and `max_num_pages` properties of the WP_Query object, * passed to the filter by reference. If WP_Query does not perform a database * query, it will not have enough information to generate these values itself. * * @since 4.6.0 * * @param WP_Post[]|int[]|null $posts Return an array of post data to short-circuit WP's query, * or null to allow WP to run its normal queries. * @param WP_Query $query The WP_Query instance (passed by reference). */ $this->posts = apply_filters_ref_array( 'posts_pre_query', array( null, &$this ) ); /* * Ensure the ID database query is able to be cached. * * Random queries are expected to have unpredictable results and * cannot be cached. Note the space before `RAND` in the string * search, that to ensure against a collision with another * function. * * If `$fields` has been modified by the `posts_fields`, * `posts_fields_request`, `post_clauses` or `posts_clauses_request` * filters, then caching is disabled to prevent caching collisions. */ $id_query_is_cacheable = ! str_contains( strtoupper( $orderby ), ' RAND(' ); $cacheable_field_values = array( "{$wpdb->posts}.*", "{$wpdb->posts}.ID, {$wpdb->posts}.post_parent", "{$wpdb->posts}.ID", ); if ( ! in_array( $fields, $cacheable_field_values, true ) ) { $id_query_is_cacheable = false; } $last_changed = (array) wp_cache_get_last_changed( 'posts' ); if ( ! empty( $this->tax_query->queries ) ) { $last_changed[] = wp_cache_get_last_changed( 'terms' ); } if ( $query_vars['cache_results'] && $id_query_is_cacheable ) { $new_request = str_replace( $fields, "{$wpdb->posts}.*", $this->request ); $cache_key = $this->generate_cache_key( $query_vars, $new_request ); $cache_found = false; if ( null === $this->posts ) { $cached_results = wp_cache_get_salted( $cache_key, 'post-queries', $last_changed ); if ( $cached_results ) { $cache_found = true; /** @var int[] */ $post_ids = array_map( 'intval', $cached_results['posts'] ); $this->post_count = count( $post_ids ); $this->found_posts = $cached_results['found_posts']; $this->max_num_pages = $cached_results['max_num_pages']; if ( 'ids' === $query_vars['fields'] ) { $this->posts = $post_ids; return $this->posts; } elseif ( 'id=>parent' === $query_vars['fields'] ) { _prime_post_parent_id_caches( $post_ids ); $post_parent_cache_keys = array(); foreach ( $post_ids as $post_id ) { $post_parent_cache_keys[] = 'post_parent:' . (string) $post_id; } /** @var int[] */ $post_parents = wp_cache_get_multiple( $post_parent_cache_keys, 'posts' ); foreach ( $post_parents as $cache_key => $post_parent ) { $obj = new stdClass(); $obj->ID = (int) str_replace( 'post_parent:', '', $cache_key ); $obj->post_parent = (int) $post_parent; $this->posts[] = $obj; } return $post_parents; } else { _prime_post_caches( $post_ids, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] ); /** @var WP_Post[] */ $this->posts = array_map( 'get_post', $post_ids ); } } } } if ( 'ids' === $query_vars['fields'] ) { if ( null === $this->posts ) { $this->posts = $wpdb->get_col( $this->request ); } /** @var int[] */ $this->posts = array_map( 'intval', $this->posts ); $this->post_count = count( $this->posts ); $this->set_found_posts( $query_vars, $limits ); if ( $query_vars['cache_results'] && $id_query_is_cacheable ) { $cache_value = array( 'posts' => $this->posts, 'found_posts' => $this->found_posts, 'max_num_pages' => $this->max_num_pages, ); wp_cache_set_salted( $cache_key, $cache_value, 'post-queries', $last_changed ); } return $this->posts; } if ( 'id=>parent' === $query_vars['fields'] ) { if ( null === $this->posts ) { $this->posts = $wpdb->get_results( $this->request ); } $this->post_count = count( $this->posts ); $this->set_found_posts( $query_vars, $limits ); /** @var int[] */ $post_parents = array(); $post_ids = array(); $post_parents_cache = array(); foreach ( $this->posts as $key => $post ) { $this->posts[ $key ]->ID = (int) $post->ID; $this->posts[ $key ]->post_parent = (int) $post->post_parent; $post_parents[ (int) $post->ID ] = (int) $post->post_parent; $post_ids[] = (int) $post->ID; $post_parents_cache[ 'post_parent:' . (string) $post->ID ] = (int) $post->post_parent; } // Prime post parent caches, so that on second run, there is not another database query. wp_cache_add_multiple( $post_parents_cache, 'posts' ); if ( $query_vars['cache_results'] && $id_query_is_cacheable ) { $cache_value = array( 'posts' => $post_ids, 'found_posts' => $this->found_posts, 'max_num_pages' => $this->max_num_pages, ); wp_cache_set_salted( $cache_key, $cache_value, 'post-queries', $last_changed ); } return $post_parents; } $is_unfiltered_query = $old_request === $this->request && "{$wpdb->posts}.*" === $fields; if ( null === $this->posts ) { $split_the_query = ( $is_unfiltered_query && ( wp_using_ext_object_cache() || ( ! empty( $limits ) && $query_vars['posts_per_page'] < 500 ) ) ); /** * Filters whether to split the query. * * Splitting the query will cause it to fetch just the IDs of the found posts * (and then individually fetch each post by ID), rather than fetching every * complete row at once. One massive result vs. many small results. * * @since 3.4.0 * @since 6.6.0 Added the `$old_request` and `$clauses` parameters. * * @param bool $split_the_query Whether or not to split the query. * @param WP_Query $query The WP_Query instance. * @param string $old_request The complete SQL query before filtering. * @param string[] $clauses { * Associative array of the clauses for the query. * * @type string $where The WHERE clause of the query. * @type string $groupby The GROUP BY clause of the query. * @type string $join The JOIN clause of the query. * @type string $orderby The ORDER BY clause of the query. * @type string $distinct The DISTINCT clause of the query. * @type string $fields The SELECT clause of the query. * @type string $limits The LIMIT clause of the query. * } */ $split_the_query = apply_filters( 'split_the_query', $split_the_query, $this, $old_request, compact( $pieces ) ); if ( $split_the_query ) { // First get the IDs and then fill in the objects. // Beginning of the string is on a new line to prevent leading whitespace. See https://core.trac.wordpress.org/ticket/56841. $this->request = "SELECT $found_rows $distinct {$wpdb->posts}.ID FROM {$wpdb->posts} $join WHERE 1=1 $where $groupby $orderby $limits"; /** * Filters the Post IDs SQL request before sending. * * @since 3.4.0 * * @param string $request The post ID request. * @param WP_Query $query The WP_Query instance. */ $this->request = apply_filters( 'posts_request_ids', $this->request, $this ); $post_ids = $wpdb->get_col( $this->request ); if ( $post_ids ) { $this->posts = $post_ids; $this->set_found_posts( $query_vars, $limits ); _prime_post_caches( $post_ids, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] ); } else { $this->posts = array(); } } else { $this->posts = $wpdb->get_results( $this->request ); $this->set_found_posts( $query_vars, $limits ); } } // Convert to WP_Post objects. if ( $this->posts ) { /** @var WP_Post[] */ $this->posts = array_map( 'get_post', $this->posts ); } $unfiltered_posts = $this->posts; if ( $query_vars['cache_results'] && $id_query_is_cacheable && ! $cache_found ) { $post_ids = wp_list_pluck( $this->posts, 'ID' ); $cache_value = array( 'posts' => $post_ids, 'found_posts' => $this->found_posts, 'max_num_pages' => $this->max_num_pages, ); wp_cache_set_salted( $cache_key, $cache_value, 'post-queries', $last_changed ); } if ( ! $query_vars['suppress_filters'] ) { /** * Filters the raw post results array, prior to status checks. * * @since 2.3.0 * * @param WP_Post[] $posts Array of post objects. * @param WP_Query $query The WP_Query instance (passed by reference). */ $this->posts = apply_filters_ref_array( 'posts_results', array( $this->posts, &$this ) ); } if ( ! empty( $this->posts ) && $this->is_comment_feed && $this->is_singular ) { /** This filter is documented in wp-includes/query.php */ $cjoin = apply_filters_ref_array( 'comment_feed_join', array( '', &$this ) ); /** This filter is documented in wp-includes/query.php */ $cwhere = apply_filters_ref_array( 'comment_feed_where', array( "WHERE comment_post_ID = '{$this->posts[0]->ID}' AND comment_approved = '1'", &$this ) ); /** This filter is documented in wp-includes/query.php */ $cgroupby = apply_filters_ref_array( 'comment_feed_groupby', array( '', &$this ) ); $cgroupby = ( ! empty( $cgroupby ) ) ? 'GROUP BY ' . $cgroupby : ''; /** This filter is documented in wp-includes/query.php */ $corderby = apply_filters_ref_array( 'comment_feed_orderby', array( 'comment_date_gmt DESC', &$this ) ); $corderby = ( ! empty( $corderby ) ) ? 'ORDER BY ' . $corderby : ''; /** This filter is documented in wp-includes/query.php */ $climits = apply_filters_ref_array( 'comment_feed_limits', array( 'LIMIT ' . get_option( 'posts_per_rss' ), &$this ) ); $comments_request = "SELECT {$wpdb->comments}.comment_ID FROM {$wpdb->comments} $cjoin $cwhere $cgroupby $corderby $climits"; $comment_key = md5( $comments_request ); $comment_last_changed = wp_cache_get_last_changed( 'comment' ); $comment_cache_key = "comment_feed:$comment_key"; $comment_ids = wp_cache_get_salted( $comment_cache_key, 'comment-queries', $comment_last_changed ); if ( false === $comment_ids ) { $comment_ids = $wpdb->get_col( $comments_request ); wp_cache_set_salted( $comment_cache_key, $comment_ids, 'comment-queries', $comment_last_changed ); } _prime_comment_caches( $comment_ids ); // Convert to WP_Comment. /** @var WP_Comment[] */ $this->comments = array_map( 'get_comment', $comment_ids ); $this->comment_count = count( $this->comments ); } // Check post status to determine if post should be displayed. if ( ! empty( $this->posts ) && ( $this->is_single || $this->is_page ) ) { $status = get_post_status( $this->posts[0] ); if ( 'attachment' === $this->posts[0]->post_type && 0 === (int) $this->posts[0]->post_parent ) { $this->is_page = false; $this->is_single = true; $this->is_attachment = true; } // If the post_status was specifically requested, let it pass through. if ( ! in_array( $status, $q_status, true ) ) { $post_status_obj = get_post_status_object( $status ); if ( $post_status_obj && ! $post_status_obj->public ) { if ( ! is_user_logged_in() ) { // User must be logged in to view unpublished posts. $this->posts = array(); } else { if ( $post_status_obj->protected ) { // User must have edit permissions on the draft to preview. if ( ! current_user_can( $edit_cap, $this->posts[0]->ID ) ) { $this->posts = array(); } else { $this->is_preview = true; if ( 'future' !== $status ) { $this->posts[0]->post_date = current_time( 'mysql' ); } } } elseif ( $post_status_obj->private ) { if ( ! current_user_can( $read_cap, $this->posts[0]->ID ) ) { $this->posts = array(); } } else { $this->posts = array(); } } } elseif ( ! $post_status_obj ) { // Post status is not registered, assume it's not public. if ( ! current_user_can( $edit_cap, $this->posts[0]->ID ) ) { $this->posts = array(); } } } if ( $this->is_preview && $this->posts && current_user_can( $edit_cap, $this->posts[0]->ID ) ) { /** * Filters the single post for preview mode. * * @since 2.7.0 * * @param WP_Post $post_preview The Post object. * @param WP_Query $query The WP_Query instance (passed by reference). */ $this->posts[0] = get_post( apply_filters_ref_array( 'the_preview', array( $this->posts[0], &$this ) ) ); } } // Put sticky posts at the top of the posts array. $sticky_posts = get_option( 'sticky_posts' ); if ( $this->is_home && $page <= 1 && is_array( $sticky_posts ) && ! empty( $sticky_posts ) && ! $query_vars['ignore_sticky_posts'] ) { $num_posts = count( $this->posts ); $sticky_offset = 0; // Loop over posts and relocate stickies to the front. for ( $i = 0; $i < $num_posts; $i++ ) { if ( in_array( $this->posts[ $i ]->ID, $sticky_posts, true ) ) { $sticky_post = $this->posts[ $i ]; // Remove sticky from current position. array_splice( $this->posts, $i, 1 ); // Move to front, after other stickies. array_splice( $this->posts, $sticky_offset, 0, array( $sticky_post ) ); // Increment the sticky offset. The next sticky will be placed at this offset. ++$sticky_offset; // Remove post from sticky posts array. $offset = array_search( $sticky_post->ID, $sticky_posts, true ); unset( $sticky_posts[ $offset ] ); } } // If any posts have been excluded specifically, Ignore those that are sticky. if ( ! empty( $sticky_posts ) && ! empty( $query_vars['post__not_in'] ) ) { $sticky_posts = array_diff( $sticky_posts, $query_vars['post__not_in'] ); } // Fetch sticky posts that weren't in the query results. if ( ! empty( $sticky_posts ) ) { $stickies = get_posts( array( 'post__in' => $sticky_posts, 'post_type' => $post_type, 'post_status' => 'publish', 'posts_per_page' => count( $sticky_posts ), 'suppress_filters' => $query_vars['suppress_filters'], 'cache_results' => $query_vars['cache_results'], 'update_post_meta_cache' => $query_vars['update_post_meta_cache'], 'update_post_term_cache' => $query_vars['update_post_term_cache'], 'lazy_load_term_meta' => $query_vars['lazy_load_term_meta'], ) ); foreach ( $stickies as $sticky_post ) { array_splice( $this->posts, $sticky_offset, 0, array( $sticky_post ) ); ++$sticky_offset; } } } if ( ! $query_vars['suppress_filters'] ) { /** * Filters the array of retrieved posts after they've been fetched and * internally processed. * * @since 1.5.0 * * @param WP_Post[] $posts Array of post objects. * @param WP_Query $query The WP_Query instance (passed by reference). */ $this->posts = apply_filters_ref_array( 'the_posts', array( $this->posts, &$this ) ); } /* * Ensure that any posts added/modified via one of the filters above are * of the type WP_Post and are filtered. */ if ( $this->posts ) { $this->post_count = count( $this->posts ); /** @var WP_Post[] */ $this->posts = array_map( 'get_post', $this->posts ); if ( $query_vars['cache_results'] ) { if ( $is_unfiltered_query && $unfiltered_posts === $this->posts ) { update_post_caches( $this->posts, $post_type, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] ); } else { $post_ids = wp_list_pluck( $this->posts, 'ID' ); _prime_post_caches( $post_ids, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] ); } } /** @var WP_Post */ $this->post = reset( $this->posts ); } else { $this->post_count = 0; $this->posts = array(); } if ( ! empty( $this->posts ) && $query_vars['update_menu_item_cache'] ) { update_menu_item_cache( $this->posts ); } if ( $query_vars['lazy_load_term_meta'] ) { wp_queue_posts_for_term_meta_lazyload( $this->posts ); } return $this->posts; } /** * Sets up the amount of found posts and the number of pages (if limit clause was used) * for the current query. * * @since 3.5.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $query_vars Query variables. * @param string $limits LIMIT clauses of the query. */ private function set_found_posts( $query_vars, $limits ) { global $wpdb; /* * Bail if posts is an empty array. Continue if posts is an empty string, * null, or false to accommodate caching plugins that fill posts later. */ if ( $query_vars['no_found_rows'] || ( is_array( $this->posts ) && ! $this->posts ) ) { return; } if ( ! empty( $limits ) ) { /** * Filters the query to run for retrieving the found posts. * * @since 2.1.0 * * @param string $found_posts_query The query to run to find the found posts. * @param WP_Query $query The WP_Query instance (passed by reference). */ $found_posts_query = apply_filters_ref_array( 'found_posts_query', array( 'SELECT FOUND_ROWS()', &$this ) ); $this->found_posts = (int) $wpdb->get_var( $found_posts_query ); } else { if ( is_array( $this->posts ) ) { $this->found_posts = count( $this->posts ); } else { if ( null === $this->posts ) { $this->found_posts = 0; } else { $this->found_posts = 1; } } } /** * Filters the number of found posts for the query. * * @since 2.1.0 * * @param int $found_posts The number of posts found. * @param WP_Query $query The WP_Query instance (passed by reference). */ $this->found_posts = (int) apply_filters_ref_array( 'found_posts', array( $this->found_posts, &$this ) ); if ( ! empty( $limits ) ) { $this->max_num_pages = (int) ceil( $this->found_posts / $query_vars['posts_per_page'] ); } } /** * Sets up the next post and iterate current post index. * * @since 1.5.0 * * @return WP_Post Next post. */ public function next_post() { ++$this->current_post; /** @var WP_Post */ $this->post = $this->posts[ $this->current_post ]; return $this->post; } /** * Sets up the current post. * * Retrieves the next post, sets up the post, sets the 'in the loop' * property to true. * * @since 1.5.0 * * @global WP_Post $post Global post object. */ public function the_post() { global $post; if ( ! $this->in_the_loop ) { if ( 'all' === $this->query_vars['fields'] ) { // Full post objects queried. $post_objects = $this->posts; } else { if ( 'ids' === $this->query_vars['fields'] ) { // Post IDs queried. $post_ids = $this->posts; } else { // Only partial objects queried, need to prime the cache for the loop. $post_ids = array_reduce( $this->posts, function ( $carry, $post ) { if ( isset( $post->ID ) ) { $carry[] = $post->ID; } return $carry; }, array() ); } _prime_post_caches( $post_ids, $this->query_vars['update_post_term_cache'], $this->query_vars['update_post_meta_cache'] ); $post_objects = array_map( 'get_post', $post_ids ); } update_post_author_caches( $post_objects ); } $this->in_the_loop = true; $this->before_loop = false; if ( -1 === $this->current_post ) { // Loop has just started. /** * Fires once the loop is started. * * @since 2.0.0 * * @param WP_Query $query The WP_Query instance (passed by reference). */ do_action_ref_array( 'loop_start', array( &$this ) ); } $post = $this->next_post(); // Ensure a full post object is available. if ( 'all' !== $this->query_vars['fields'] ) { if ( 'ids' === $this->query_vars['fields'] ) { // Post IDs queried. $post = get_post( $post ); } elseif ( isset( $post->ID ) ) { /* * Partial objecct queried. * * The post object was queried with a partial set of * fields, populate the entire object for the loop. */ $post = get_post( $post->ID ); } } // Set up the global post object for the loop. $this->setup_postdata( $post ); } /** * Determines whether there are more posts available in the loop. * * Calls the {@see 'loop_end'} action when the loop is complete. * * @since 1.5.0 * * @return bool True if posts are available, false if end of the loop. */ public function have_posts() { if ( $this->current_post + 1 < $this->post_count ) { return true; } elseif ( $this->current_post + 1 === $this->post_count && $this->post_count > 0 ) { /** * Fires once the loop has ended. * * @since 2.0.0 * * @param WP_Query $query The WP_Query instance (passed by reference). */ do_action_ref_array( 'loop_end', array( &$this ) ); // Do some cleaning up after the loop. $this->rewind_posts(); } elseif ( 0 === $this->post_count ) { $this->before_loop = false; /** * Fires if no results are found in a post query. * * @since 4.9.0 * * @param WP_Query $query The WP_Query instance. */ do_action( 'loop_no_results', $this ); } $this->in_the_loop = false; return false; } /** * Rewinds the posts and resets post index. * * @since 1.5.0 */ public function rewind_posts() { $this->current_post = -1; if ( $this->post_count > 0 ) { $this->post = $this->posts[0]; } } /** * Iterates current comment index and returns WP_Comment object. * * @since 2.2.0 * * @return WP_Comment Comment object. */ public function next_comment() { ++$this->current_comment; /** @var WP_Comment */ $this->comment = $this->comments[ $this->current_comment ]; return $this->comment; } /** * Sets up the current comment. * * @since 2.2.0 * * @global WP_Comment $comment Global comment object. */ public function the_comment() { global $comment; $comment = $this->next_comment(); if ( 0 === $this->current_comment ) { /** * Fires once the comment loop is started. * * @since 2.2.0 */ do_action( 'comment_loop_start' ); } } /** * Determines whether there are more comments available. * * Automatically rewinds comments when finished. * * @since 2.2.0 * * @return bool True if comments are available, false if no more comments. */ public function have_comments() { if ( $this->current_comment + 1 < $this->comment_count ) { return true; } elseif ( $this->current_comment + 1 === $this->comment_count ) { $this->rewind_comments(); } return false; } /** * Rewinds the comments, resets the comment index and comment to first. * * @since 2.2.0 */ public function rewind_comments() { $this->current_comment = -1; if ( $this->comment_count > 0 ) { $this->comment = $this->comments[0]; } } /** * Sets up the WordPress query by parsing query string. * * @since 1.5.0 * * @see WP_Query::parse_query() for all available arguments. * * @param string|array $query URL query string or array of query arguments. * @return WP_Post[]|int[] Array of post objects or post IDs. */ public function query( $query ) { $this->init(); $this->query = wp_parse_args( $query ); $this->query_vars = $this->query; return $this->get_posts(); } /** * Retrieves the currently queried object. * * If queried object is not set, then the queried object will be set from * the category, tag, taxonomy, posts page, single post, page, or author * query variable. After it is set up, it will be returned. * * @since 1.5.0 * * @return WP_Term|WP_Post_Type|WP_Post|WP_User|null The queried object. */ public function get_queried_object() { if ( isset( $this->queried_object ) ) { return $this->queried_object; } $this->queried_object = null; $this->queried_object_id = null; if ( $this->is_category || $this->is_tag || $this->is_tax ) { if ( $this->is_category ) { $cat = $this->get( 'cat' ); $category_name = $this->get( 'category_name' ); if ( $cat ) { $term = get_term( $cat, 'category' ); } elseif ( $category_name ) { $term = get_term_by( 'slug', $category_name, 'category' ); } } elseif ( $this->is_tag ) { $tag_id = $this->get( 'tag_id' ); $tag = $this->get( 'tag' ); if ( $tag_id ) { $term = get_term( $tag_id, 'post_tag' ); } elseif ( $tag ) { $term = get_term_by( 'slug', $tag, 'post_tag' ); } } else { // For other tax queries, grab the first term from the first clause. if ( ! empty( $this->tax_query->queried_terms ) ) { $queried_taxonomies = array_keys( $this->tax_query->queried_terms ); $matched_taxonomy = reset( $queried_taxonomies ); $query = $this->tax_query->queried_terms[ $matched_taxonomy ]; if ( ! empty( $query['terms'] ) ) { if ( 'term_id' === $query['field'] ) { $term = get_term( reset( $query['terms'] ), $matched_taxonomy ); } else { $term = get_term_by( $query['field'], reset( $query['terms'] ), $matched_taxonomy ); } } } } if ( ! empty( $term ) && ! is_wp_error( $term ) ) { $this->queried_object = $term; $this->queried_object_id = (int) $term->term_id; if ( $this->is_category && 'category' === $this->queried_object->taxonomy ) { _make_cat_compat( $this->queried_object ); } } } elseif ( $this->is_post_type_archive ) { $post_type = $this->get( 'post_type' ); if ( is_array( $post_type ) ) { $post_type = reset( $post_type ); } $this->queried_object = get_post_type_object( $post_type ); } elseif ( $this->is_posts_page ) { $page_for_posts = get_option( 'page_for_posts' ); $this->queried_object = get_post( $page_for_posts ); $this->queried_object_id = (int) $this->queried_object->ID; } elseif ( $this->is_singular && ! empty( $this->post ) ) { $this->queried_object = $this->post; $this->queried_object_id = (int) $this->post->ID; } elseif ( $this->is_author ) { $author = (int) $this->get( 'author' ); $author_name = $this->get( 'author_name' ); if ( $author ) { $this->queried_object_id = $author; } elseif ( $author_name ) { $user = get_user_by( 'slug', $author_name ); if ( $user ) { $this->queried_object_id = $user->ID; } } $this->queried_object = get_userdata( $this->queried_object_id ); } return $this->queried_object; } /** * Retrieves the ID of the currently queried object. * * @since 1.5.0 * * @return int */ public function get_queried_object_id() { $this->get_queried_object(); if ( isset( $this->queried_object_id ) ) { return $this->queried_object_id; } return 0; } /** * Constructor. * * Sets up the WordPress query, if parameter is not empty. * * @since 1.5.0 * * @see WP_Query::parse_query() for all available arguments. * * @param string|array $query URL query string or array of vars. */ public function __construct( $query = '' ) { if ( ! empty( $query ) ) { $this->query( $query ); } } /** * Makes private properties readable for backward compatibility. * * @since 4.0.0 * * @param string $name Property to get. * @return mixed Property. */ public function __get( $name ) { if ( in_array( $name, $this->compat_fields, true ) ) { return $this->$name; } } /** * Makes private properties checkable for backward compatibility. * * @since 4.0.0 * * @param string $name Property to check if set. * @return bool Whether the property is set. */ public function __isset( $name ) { if ( in_array( $name, $this->compat_fields, true ) ) { return isset( $this->$name ); } return false; } /** * Makes private/protected methods readable for backward compatibility. * * @since 4.0.0 * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return mixed|false Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( in_array( $name, $this->compat_methods, true ) ) { return $this->$name( ...$arguments ); } return false; } /** * Determines whether the query is for an existing archive page. * * Archive pages include category, tag, author, date, custom post type, * and custom taxonomy based archives. * * @since 3.1.0 * * @see WP_Query::is_category() * @see WP_Query::is_tag() * @see WP_Query::is_author() * @see WP_Query::is_date() * @see WP_Query::is_post_type_archive() * @see WP_Query::is_tax() * * @return bool Whether the query is for an existing archive page. */ public function is_archive() { return (bool) $this->is_archive; } /** * Determines whether the query is for an existing post type archive page. * * @since 3.1.0 * * @param string|string[] $post_types Optional. Post type or array of posts types * to check against. Default empty. * @return bool Whether the query is for an existing post type archive page. */ public function is_post_type_archive( $post_types = '' ) { if ( empty( $post_types ) || ! $this->is_post_type_archive ) { return (bool) $this->is_post_type_archive; } $post_type = $this->get( 'post_type' ); if ( is_array( $post_type ) ) { $post_type = reset( $post_type ); } $post_type_object = get_post_type_object( $post_type ); if ( ! $post_type_object ) { return false; } return in_array( $post_type_object->name, (array) $post_types, true ); } /** * Determines whether the query is for an existing attachment page. * * @since 3.1.0 * * @param int|string|int[]|string[] $attachment Optional. Attachment ID, title, slug, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing attachment page. */ public function is_attachment( $attachment = '' ) { if ( ! $this->is_attachment ) { return false; } if ( empty( $attachment ) ) { return true; } $attachment = array_map( 'strval', (array) $attachment ); $post_obj = $this->get_queried_object(); if ( ! $post_obj ) { return false; } if ( in_array( (string) $post_obj->ID, $attachment, true ) ) { return true; } elseif ( in_array( $post_obj->post_title, $attachment, true ) ) { return true; } elseif ( in_array( $post_obj->post_name, $attachment, true ) ) { return true; } return false; } /** * Determines whether the query is for an existing author archive page. * * If the $author parameter is specified, this function will additionally * check if the query is for one of the authors specified. * * @since 3.1.0 * * @param int|string|int[]|string[] $author Optional. User ID, nickname, nicename, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing author archive page. */ public function is_author( $author = '' ) { if ( ! $this->is_author ) { return false; } if ( empty( $author ) ) { return true; } $author_obj = $this->get_queried_object(); if ( ! $author_obj ) { return false; } $author = array_map( 'strval', (array) $author ); if ( in_array( (string) $author_obj->ID, $author, true ) ) { return true; } elseif ( in_array( $author_obj->nickname, $author, true ) ) { return true; } elseif ( in_array( $author_obj->user_nicename, $author, true ) ) { return true; } return false; } /** * Determines whether the query is for an existing category archive page. * * If the $category parameter is specified, this function will additionally * check if the query is for one of the categories specified. * * @since 3.1.0 * * @param int|string|int[]|string[] $category Optional. Category ID, name, slug, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing category archive page. */ public function is_category( $category = '' ) { if ( ! $this->is_category ) { return false; } if ( empty( $category ) ) { return true; } $cat_obj = $this->get_queried_object(); if ( ! $cat_obj ) { return false; } $category = array_map( 'strval', (array) $category ); if ( in_array( (string) $cat_obj->term_id, $category, true ) ) { return true; } elseif ( in_array( $cat_obj->name, $category, true ) ) { return true; } elseif ( in_array( $cat_obj->slug, $category, true ) ) { return true; } return false; } /** * Determines whether the query is for an existing tag archive page. * * If the $tag parameter is specified, this function will additionally * check if the query is for one of the tags specified. * * @since 3.1.0 * * @param int|string|int[]|string[] $tag Optional. Tag ID, name, slug, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing tag archive page. */ public function is_tag( $tag = '' ) { if ( ! $this->is_tag ) { return false; } if ( empty( $tag ) ) { return true; } $tag_obj = $this->get_queried_object(); if ( ! $tag_obj ) { return false; } $tag = array_map( 'strval', (array) $tag ); if ( in_array( (string) $tag_obj->term_id, $tag, true ) ) { return true; } elseif ( in_array( $tag_obj->name, $tag, true ) ) { return true; } elseif ( in_array( $tag_obj->slug, $tag, true ) ) { return true; } return false; } /** * Determines whether the query is for an existing custom taxonomy archive page. * * If the $taxonomy parameter is specified, this function will additionally * check if the query is for that specific $taxonomy. * * If the $term parameter is specified in addition to the $taxonomy parameter, * this function will additionally check if the query is for one of the terms * specified. * * @since 3.1.0 * * @global WP_Taxonomy[] $wp_taxonomies Registered taxonomies. * * @param string|string[] $taxonomy Optional. Taxonomy slug or slugs to check against. * Default empty. * @param int|string|int[]|string[] $term Optional. Term ID, name, slug, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing custom taxonomy archive page. * True for custom taxonomy archive pages, false for built-in taxonomies * (category and tag archives). */ public function is_tax( $taxonomy = '', $term = '' ) { global $wp_taxonomies; if ( ! $this->is_tax ) { return false; } if ( empty( $taxonomy ) ) { return true; } $queried_object = $this->get_queried_object(); $tax_array = array_intersect( array_keys( $wp_taxonomies ), (array) $taxonomy ); $term_array = (array) $term; // Check that the taxonomy matches. if ( ! ( isset( $queried_object->taxonomy ) && count( $tax_array ) && in_array( $queried_object->taxonomy, $tax_array, true ) ) ) { return false; } // Only a taxonomy provided. if ( empty( $term ) ) { return true; } return isset( $queried_object->term_id ) && count( array_intersect( array( $queried_object->term_id, $queried_object->name, $queried_object->slug ), $term_array ) ); } /** * Determines whether the current URL is within the comments popup window. * * @since 3.1.0 * @deprecated 4.5.0 * * @return false Always returns false. */ public function is_comments_popup() { _deprecated_function( __FUNCTION__, '4.5.0' ); return false; } /** * Determines whether the query is for an existing date archive. * * @since 3.1.0 * * @return bool Whether the query is for an existing date archive. */ public function is_date() { return (bool) $this->is_date; } /** * Determines whether the query is for an existing day archive. * * @since 3.1.0 * * @return bool Whether the query is for an existing day archive. */ public function is_day() { return (bool) $this->is_day; } /** * Determines whether the query is for a feed. * * @since 3.1.0 * * @param string|string[] $feeds Optional. Feed type or array of feed types * to check against. Default empty. * @return bool Whether the query is for a feed. */ public function is_feed( $feeds = '' ) { if ( empty( $feeds ) || ! $this->is_feed ) { return (bool) $this->is_feed; } $query_var = $this->get( 'feed' ); if ( 'feed' === $query_var ) { $query_var = get_default_feed(); } return in_array( $query_var, (array) $feeds, true ); } /** * Determines whether the query is for a comments feed. * * @since 3.1.0 * * @return bool Whether the query is for a comments feed. */ public function is_comment_feed() { return (bool) $this->is_comment_feed; } /** * Determines whether the query is for the front page of the site. * * This is for what is displayed at your site's main URL. * * Depends on the site's "Front page displays" Reading Settings 'show_on_front' and 'page_on_front'. * * If you set a static page for the front page of your site, this function will return * true when viewing that page. * * Otherwise the same as {@see WP_Query::is_home()}. * * @since 3.1.0 * * @return bool Whether the query is for the front page of the site. */ public function is_front_page() { // Most likely case. if ( 'posts' === get_option( 'show_on_front' ) && $this->is_home() ) { return true; } elseif ( 'page' === get_option( 'show_on_front' ) && get_option( 'page_on_front' ) && $this->is_page( get_option( 'page_on_front' ) ) ) { return true; } else { return false; } } /** * Determines whether the query is for the blog homepage. * * This is the page which shows the time based blog content of your site. * * Depends on the site's "Front page displays" Reading Settings 'show_on_front' and 'page_for_posts'. * * If you set a static page for the front page of your site, this function will return * true only on the page you set as the "Posts page". * * @since 3.1.0 * * @see WP_Query::is_front_page() * * @return bool Whether the query is for the blog homepage. */ public function is_home() { return (bool) $this->is_home; } /** * Determines whether the query is for the Privacy Policy page. * * This is the page which shows the Privacy Policy content of your site. * * Depends on the site's "Change your Privacy Policy page" Privacy Settings 'wp_page_for_privacy_policy'. * * This function will return true only on the page you set as the "Privacy Policy page". * * @since 5.2.0 * * @return bool Whether the query is for the Privacy Policy page. */ public function is_privacy_policy() { if ( get_option( 'wp_page_for_privacy_policy' ) && $this->is_page( get_option( 'wp_page_for_privacy_policy' ) ) ) { return true; } else { return false; } } /** * Determines whether the query is for an existing month archive. * * @since 3.1.0 * * @return bool Whether the query is for an existing month archive. */ public function is_month() { return (bool) $this->is_month; } /** * Determines whether the query is for an existing single page. * * If the $page parameter is specified, this function will additionally * check if the query is for one of the pages specified. * * @since 3.1.0 * * @see WP_Query::is_single() * @see WP_Query::is_singular() * * @param int|string|int[]|string[] $page Optional. Page ID, title, slug, path, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing single page. */ public function is_page( $page = '' ) { if ( ! $this->is_page ) { return false; } if ( empty( $page ) ) { return true; } $page_obj = $this->get_queried_object(); if ( ! $page_obj ) { return false; } $page = array_map( 'strval', (array) $page ); if ( in_array( (string) $page_obj->ID, $page, true ) ) { return true; } elseif ( in_array( $page_obj->post_title, $page, true ) ) { return true; } elseif ( in_array( $page_obj->post_name, $page, true ) ) { return true; } else { foreach ( $page as $pagepath ) { if ( ! strpos( $pagepath, '/' ) ) { continue; } $pagepath_obj = get_page_by_path( $pagepath ); if ( $pagepath_obj && ( $pagepath_obj->ID === $page_obj->ID ) ) { return true; } } } return false; } /** * Determines whether the query is for a paged result and not for the first page. * * @since 3.1.0 * * @return bool Whether the query is for a paged result. */ public function is_paged() { return (bool) $this->is_paged; } /** * Determines whether the query is for a post or page preview. * * @since 3.1.0 * * @return bool Whether the query is for a post or page preview. */ public function is_preview() { return (bool) $this->is_preview; } /** * Determines whether the query is for the robots.txt file. * * @since 3.1.0 * * @return bool Whether the query is for the robots.txt file. */ public function is_robots() { return (bool) $this->is_robots; } /** * Determines whether the query is for the favicon.ico file. * * @since 5.4.0 * * @return bool Whether the query is for the favicon.ico file. */ public function is_favicon() { return (bool) $this->is_favicon; } /** * Determines whether the query is for a search. * * @since 3.1.0 * * @return bool Whether the query is for a search. */ public function is_search() { return (bool) $this->is_search; } /** * Determines whether the query is for an existing single post. * * Works for any post type excluding pages. * * If the $post parameter is specified, this function will additionally * check if the query is for one of the Posts specified. * * @since 3.1.0 * * @see WP_Query::is_page() * @see WP_Query::is_singular() * * @param int|string|int[]|string[] $post Optional. Post ID, title, slug, path, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing single post. */ public function is_single( $post = '' ) { if ( ! $this->is_single ) { return false; } if ( empty( $post ) ) { return true; } $post_obj = $this->get_queried_object(); if ( ! $post_obj ) { return false; } $post = array_map( 'strval', (array) $post ); if ( in_array( (string) $post_obj->ID, $post, true ) ) { return true; } elseif ( in_array( $post_obj->post_title, $post, true ) ) { return true; } elseif ( in_array( $post_obj->post_name, $post, true ) ) { return true; } else { foreach ( $post as $postpath ) { if ( ! strpos( $postpath, '/' ) ) { continue; } $postpath_obj = get_page_by_path( $postpath, OBJECT, $post_obj->post_type ); if ( $postpath_obj && ( $postpath_obj->ID === $post_obj->ID ) ) { return true; } } } return false; } /** * Determines whether the query is for an existing single post of any post type * (post, attachment, page, custom post types). * * If the $post_types parameter is specified, this function will additionally * check if the query is for one of the Posts Types specified. * * @since 3.1.0 * * @see WP_Query::is_page() * @see WP_Query::is_single() * * @param string|string[] $post_types Optional. Post type or array of post types * to check against. Default empty. * @return bool Whether the query is for an existing single post * or any of the given post types. */ public function is_singular( $post_types = '' ) { if ( empty( $post_types ) || ! $this->is_singular ) { return (bool) $this->is_singular; } $post_obj = $this->get_queried_object(); if ( ! $post_obj ) { return false; } return in_array( $post_obj->post_type, (array) $post_types, true ); } /** * Determines whether the query is for a specific time. * * @since 3.1.0 * * @return bool Whether the query is for a specific time. */ public function is_time() { return (bool) $this->is_time; } /** * Determines whether the query is for a trackback endpoint call. * * @since 3.1.0 * * @return bool Whether the query is for a trackback endpoint call. */ public function is_trackback() { return (bool) $this->is_trackback; } /** * Determines whether the query is for an existing year archive. * * @since 3.1.0 * * @return bool Whether the query is for an existing year archive. */ public function is_year() { return (bool) $this->is_year; } /** * Determines whether the query is a 404 (returns no results). * * @since 3.1.0 * * @return bool Whether the query is a 404 error. */ public function is_404() { return (bool) $this->is_404; } /** * Determines whether the query is for an embedded post. * * @since 4.4.0 * * @return bool Whether the query is for an embedded post. */ public function is_embed() { return (bool) $this->is_embed; } /** * Determines whether the query is the main query. * * @since 3.3.0 * * @global WP_Query $wp_the_query WordPress Query object. * * @return bool Whether the query is the main query. */ public function is_main_query() { global $wp_the_query; return $wp_the_query === $this; } /** * Sets up global post data. * * @since 4.1.0 * @since 4.4.0 Added the ability to pass a post ID to `$post`. * * @global int $id * @global WP_User $authordata * @global string $currentday * @global string $currentmonth * @global int $page * @global array $pages * @global int $multipage * @global int $more * @global int $numpages * * @param WP_Post|object|int $post WP_Post instance or Post ID/object. * @return true True when finished. */ public function setup_postdata( $post ) { global $id, $authordata, $currentday, $currentmonth, $page, $pages, $multipage, $more, $numpages; if ( ! ( $post instanceof WP_Post ) ) { $post = get_post( $post ); } if ( ! $post ) { return; } $elements = $this->generate_postdata( $post ); if ( false === $elements ) { return; } $id = $elements['id']; $authordata = $elements['authordata']; $currentday = $elements['currentday']; $currentmonth = $elements['currentmonth']; $page = $elements['page']; $pages = $elements['pages']; $multipage = $elements['multipage']; $more = $elements['more']; $numpages = $elements['numpages']; /** * Fires once the post data has been set up. * * @since 2.8.0 * @since 4.1.0 Introduced `$query` parameter. * * @param WP_Post $post The Post object (passed by reference). * @param WP_Query $query The current Query object (passed by reference). */ do_action_ref_array( 'the_post', array( &$post, &$this ) ); return true; } /** * Generates post data. * * @since 5.2.0 * * @param WP_Post|object|int $post WP_Post instance or Post ID/object. * @return array|false Elements of post or false on failure. */ public function generate_postdata( $post ) { if ( ! ( $post instanceof WP_Post ) ) { $post = get_post( $post ); } if ( ! $post ) { return false; } $id = (int) $post->ID; $authordata = get_userdata( $post->post_author ); $currentday = false; $currentmonth = false; $post_date = $post->post_date; if ( ! empty( $post_date ) && '0000-00-00 00:00:00' !== $post_date ) { // Avoid using mysql2date for performance reasons. $currentmonth = substr( $post_date, 5, 2 ); $day = substr( $post_date, 8, 2 ); $year = substr( $post_date, 2, 2 ); $currentday = sprintf( '%s.%s.%s', $day, $currentmonth, $year ); } $numpages = 1; $multipage = 0; $page = $this->get( 'page' ); if ( ! $page ) { $page = 1; } /* * Force full post content when viewing the permalink for the $post, * or when on an RSS feed. Otherwise respect the 'more' tag. */ if ( get_queried_object_id() === $post->ID && ( $this->is_page() || $this->is_single() ) ) { $more = 1; } elseif ( $this->is_feed() ) { $more = 1; } else { $more = 0; } $content = $post->post_content; if ( str_contains( $content, '<!--nextpage-->' ) ) { $content = str_replace( "\n<!--nextpage-->\n", '<!--nextpage-->', $content ); $content = str_replace( "\n<!--nextpage-->", '<!--nextpage-->', $content ); $content = str_replace( "<!--nextpage-->\n", '<!--nextpage-->', $content ); // Remove the nextpage block delimiters, to avoid invalid block structures in the split content. $content = str_replace( '<!-- wp:nextpage -->', '', $content ); $content = str_replace( '<!-- /wp:nextpage -->', '', $content ); // Ignore nextpage at the beginning of the content. if ( str_starts_with( $content, '<!--nextpage-->' ) ) { $content = substr( $content, 15 ); } $pages = explode( '<!--nextpage-->', $content ); } else { $pages = array( $post->post_content ); } /** * Filters the "pages" derived from splitting the post content. * * "Pages" are determined by splitting the post content based on the presence * of `<!-- nextpage -->` tags. * * @since 4.4.0 * * @param string[] $pages Array of "pages" from the post content split by `<!-- nextpage -->` tags. * @param WP_Post $post Current post object. */ $pages = apply_filters( 'content_pagination', $pages, $post ); $numpages = count( $pages ); if ( $numpages > 1 ) { if ( $page > 1 ) { $more = 1; } $multipage = 1; } else { $multipage = 0; } $elements = compact( 'id', 'authordata', 'currentday', 'currentmonth', 'page', 'pages', 'multipage', 'more', 'numpages' ); return $elements; } /** * Generates cache key. * * @since 6.1.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $args Query arguments. * @param string $sql SQL statement. * @return string Cache key. */ protected function generate_cache_key( array $args, $sql ) { global $wpdb; unset( $args['cache_results'], $args['fields'], $args['lazy_load_term_meta'], $args['update_post_meta_cache'], $args['update_post_term_cache'], $args['update_menu_item_cache'], $args['suppress_filters'] ); if ( empty( $args['post_type'] ) ) { if ( $this->is_attachment ) { $args['post_type'] = 'attachment'; } elseif ( $this->is_page ) { $args['post_type'] = 'page'; } else { $args['post_type'] = 'post'; } } elseif ( 'any' === $args['post_type'] ) { $args['post_type'] = array_values( get_post_types( array( 'exclude_from_search' => false ) ) ); } $args['post_type'] = (array) $args['post_type']; // Sort post types to ensure same cache key generation. sort( $args['post_type'] ); /* * Sort arrays that can be used for ordering prior to cache key generation. * * These arrays are sorted in the query generator for the purposes of the * WHERE clause but the arguments are not modified as they can be used for * the orderby clause. * * Their use in the orderby clause will generate a different SQL query so * they can be sorted for the cache key generation. */ $sortable_arrays_with_int_values = array( 'post__in', 'post_parent__in', ); foreach ( $sortable_arrays_with_int_values as $key ) { if ( isset( $args[ $key ] ) && is_array( $args[ $key ] ) ) { $args[ $key ] = array_unique( array_map( 'absint', $args[ $key ] ) ); sort( $args[ $key ] ); } } // Sort and unique the 'post_name__in' for cache key generation. if ( isset( $args['post_name__in'] ) && is_array( $args['post_name__in'] ) ) { $args['post_name__in'] = array_unique( $args['post_name__in'] ); sort( $args['post_name__in'] ); } if ( isset( $args['post_status'] ) ) { $args['post_status'] = (array) $args['post_status']; // Sort post status to ensure same cache key generation. sort( $args['post_status'] ); } // Add a default orderby value of date to ensure same cache key generation. if ( ! isset( $args['orderby'] ) ) { $args['orderby'] = 'date'; } $placeholder = $wpdb->placeholder_escape(); array_walk_recursive( $args, /* * Replace wpdb placeholders with the string used in the database * query to avoid unreachable cache keys. This is necessary because * the placeholder is randomly generated in each request. * * $value is passed by reference to allow it to be modified. * array_walk_recursive() does not return an array. */ static function ( &$value ) use ( $wpdb, $placeholder ) { if ( is_string( $value ) && str_contains( $value, $placeholder ) ) { $value = $wpdb->remove_placeholder_escape( $value ); } } ); ksort( $args ); // Replace wpdb placeholder in the SQL statement used by the cache key. $sql = $wpdb->remove_placeholder_escape( $sql ); $key = md5( serialize( $args ) . $sql ); $this->query_cache_key = "wp_query:$key"; return $this->query_cache_key; } /** * After looping through a nested query, this function * restores the $post global to the current post in this query. * * @since 3.7.0 * * @global WP_Post $post Global post object. */ public function reset_postdata() { if ( ! empty( $this->post ) ) { $GLOBALS['post'] = $this->post; $this->setup_postdata( $this->post ); } } /** * Lazyloads term meta for posts in the loop. * * @since 4.4.0 * @deprecated 4.5.0 See wp_queue_posts_for_term_meta_lazyload(). * * @param mixed $check * @param int $term_id * @return mixed */ public function lazyload_term_meta( $check, $term_id ) { _deprecated_function( __METHOD__, '4.5.0' ); return $check; } /** * Lazyloads comment meta for comments in the loop. * * @since 4.4.0 * @deprecated 4.5.0 See wp_lazyload_comment_meta(). * * @param mixed $check * @param int $comment_id * @return mixed */ public function lazyload_comment_meta( $check, $comment_id ) { _deprecated_function( __METHOD__, '4.5.0' ); return $check; } } https-detection-20260605171209.php 0000666 00000013341 15225074365 0012000 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } functions.wp-styles.php 0000666 00000020701 15225074365 0011250 0 ustar 00 <?php /** * Dependencies API: Styles functions * * @since 2.6.0 * * @package WordPress * @subpackage Dependencies */ /** * Initializes $wp_styles if it has not been set. * * @since 4.2.0 * * @global WP_Styles $wp_styles * * @return WP_Styles WP_Styles instance. */ function wp_styles() { global $wp_styles; if ( ! ( $wp_styles instanceof WP_Styles ) ) { $wp_styles = new WP_Styles(); } return $wp_styles; } /** * Displays styles that are in the $handles queue. * * Passing an empty array to $handles prints the queue, * passing an array with one string prints that style, * and passing an array of strings prints those styles. * * @since 2.6.0 * * @global WP_Styles $wp_styles The WP_Styles object for printing styles. * * @param string|bool|array $handles Styles to be printed. Default 'false'. * @return string[] On success, an array of handles of processed WP_Dependencies items; otherwise, an empty array. */ function wp_print_styles( $handles = false ) { global $wp_styles; if ( '' === $handles ) { // For 'wp_head'. $handles = false; } if ( ! $handles ) { /** * Fires before styles in the $handles queue are printed. * * @since 2.6.0 */ do_action( 'wp_print_styles' ); } _wp_scripts_maybe_doing_it_wrong( __FUNCTION__ ); if ( ! ( $wp_styles instanceof WP_Styles ) ) { if ( ! $handles ) { return array(); // No need to instantiate if nothing is there. } } return wp_styles()->do_items( $handles ); } /** * Adds extra CSS styles to a registered stylesheet. * * Styles will only be added if the stylesheet is already in the queue. * Accepts a string $data containing the CSS. If two or more CSS code blocks * are added to the same stylesheet $handle, they will be printed in the order * they were added, i.e. the latter added styles can redeclare the previous. * * @see WP_Styles::add_inline_style() * * @since 3.3.0 * * @param string $handle Name of the stylesheet to add the extra styles to. * @param string $data String containing the CSS styles to be added. * @return bool True on success, false on failure. */ function wp_add_inline_style( $handle, $data ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); if ( false !== stripos( $data, '</style>' ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: <style>, 2: wp_add_inline_style() */ __( 'Do not pass %1$s tags to %2$s.' ), '<code><style></code>', '<code>wp_add_inline_style()</code>' ), '3.7.0' ); $data = trim( preg_replace( '#<style[^>]*>(.*)</style>#is', '$1', $data ) ); } return wp_styles()->add_inline_style( $handle, $data ); } /** * Registers a CSS stylesheet. * * @see WP_Dependencies::add() * @link https://www.w3.org/TR/CSS2/media.html#media-types List of CSS media types. * * @since 2.6.0 * @since 4.3.0 A return value was added. * * @param string $handle Name of the stylesheet. Should be unique. * @param string|false $src Full URL of the stylesheet, or path of the stylesheet relative to the WordPress root directory. * If source is set to false, stylesheet is an alias of other stylesheets it depends on. * @param string[] $deps Optional. An array of registered stylesheet handles this stylesheet depends on. Default empty array. * @param string|bool|null $ver Optional. String specifying stylesheet version number, if it has one, which is added to the URL * as a query string for cache busting purposes. If version is set to false, a version * number is automatically added equal to current installed WordPress version. * If set to null, no version is added. * @param string $media Optional. The media for which this stylesheet has been defined. * Default 'all'. Accepts media types like 'all', 'print' and 'screen', or media queries like * '(orientation: portrait)' and '(max-width: 640px)'. * @return bool Whether the style has been registered. True on success, false on failure. */ function wp_register_style( $handle, $src, $deps = array(), $ver = false, $media = 'all' ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); return wp_styles()->add( $handle, $src, $deps, $ver, $media ); } /** * Removes a registered stylesheet. * * @see WP_Dependencies::remove() * * @since 2.1.0 * * @param string $handle Name of the stylesheet to be removed. */ function wp_deregister_style( $handle ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); wp_styles()->remove( $handle ); } /** * Enqueues a CSS stylesheet. * * Registers the style if source provided (does NOT overwrite) and enqueues. * * @see WP_Dependencies::add() * @see WP_Dependencies::enqueue() * @link https://www.w3.org/TR/CSS2/media.html#media-types List of CSS media types. * * @since 2.6.0 * * @param string $handle Name of the stylesheet. Should be unique. * @param string $src Full URL of the stylesheet, or path of the stylesheet relative to the WordPress root directory. * Default empty. * @param string[] $deps Optional. An array of registered stylesheet handles this stylesheet depends on. Default empty array. * @param string|bool|null $ver Optional. String specifying stylesheet version number, if it has one, which is added to the URL * as a query string for cache busting purposes. If version is set to false, a version * number is automatically added equal to current installed WordPress version. * If set to null, no version is added. * @param string $media Optional. The media for which this stylesheet has been defined. * Default 'all'. Accepts media types like 'all', 'print' and 'screen', or media queries like * '(orientation: portrait)' and '(max-width: 640px)'. */ function wp_enqueue_style( $handle, $src = '', $deps = array(), $ver = false, $media = 'all' ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); $wp_styles = wp_styles(); if ( $src ) { $_handle = explode( '?', $handle ); $wp_styles->add( $_handle[0], $src, $deps, $ver, $media ); } $wp_styles->enqueue( $handle ); } /** * Removes a previously enqueued CSS stylesheet. * * @see WP_Dependencies::dequeue() * * @since 3.1.0 * * @param string $handle Name of the stylesheet to be removed. */ function wp_dequeue_style( $handle ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); wp_styles()->dequeue( $handle ); } /** * Checks whether a CSS stylesheet has been added to the queue. * * @since 2.8.0 * * @param string $handle Name of the stylesheet. * @param string $status Optional. Status of the stylesheet to check. Default 'enqueued'. * Accepts 'enqueued', 'registered', 'queue', 'to_do', and 'done'. * @return bool Whether style is queued. */ function wp_style_is( $handle, $status = 'enqueued' ) { _wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle ); return (bool) wp_styles()->query( $handle, $status ); } /** * Adds metadata to a CSS stylesheet. * * Works only if the stylesheet has already been registered. * * Possible values for $key and $value: * 'rtl' bool|string To declare an RTL stylesheet. * 'suffix' string Optional suffix, used in combination with RTL. * 'alt' bool For rel="alternate stylesheet". * 'title' string For preferred/alternate stylesheets. * 'path' string The absolute path to a stylesheet. Stylesheet will * load inline when 'path' is set. * * @see WP_Dependencies::add_data() * * @since 3.6.0 * @since 5.8.0 Added 'path' as an official value for $key. * See {@see wp_maybe_inline_styles()}. * @since 6.9.0 'conditional' value changed. If the 'conditional' parameter is present * the stylesheet will be ignored. * * @param string $handle Name of the stylesheet. * @param string $key Name of data point for which we're storing a value. * Accepts 'rtl' and 'suffix', 'alt', 'title' and 'path'. * @param mixed $value String containing the CSS data to be added. * @return bool True on success, false on failure. */ function wp_style_add_data( $handle, $key, $value ) { return wp_styles()->add_data( $handle, $key, $value ); } https-migration-20260605082215.php 0000666 00000011205 15225074365 0012006 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605125244.php 0000666 00000011205 15225074365 0012006 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260606111420.php 0000666 00000011205 15225074365 0011776 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605082209.php 0000666 00000013341 15225074365 0012001 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605082157.php 0000666 00000013341 15225074365 0012003 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-scripts.php 0000666 00000104060 15225074365 0010511 0 ustar 00 <?php /** * Dependencies API: WP_Scripts class * * @since 2.6.0 * * @package WordPress * @subpackage Dependencies */ /** * Core class used to register scripts. * * @since 2.1.0 * * @see WP_Dependencies */ class WP_Scripts extends WP_Dependencies { /** * Base URL for scripts. * * Full URL with trailing slash. * * @since 2.6.0 * @var string */ public $base_url; /** * URL of the content directory. * * @since 2.8.0 * @var string */ public $content_url; /** * Default version string for scripts. * * @since 2.6.0 * @var string */ public $default_version; /** * Holds handles of scripts which are enqueued in footer. * * @since 2.8.0 * @var array */ public $in_footer = array(); /** * Holds a list of script handles which will be concatenated. * * @since 2.8.0 * @var string */ public $concat = ''; /** * Holds a string which contains script handles and their version. * * @since 2.8.0 * @deprecated 3.4.0 * @var string */ public $concat_version = ''; /** * Whether to perform concatenation. * * @since 2.8.0 * @var bool */ public $do_concat = false; /** * Holds HTML markup of scripts and additional data if concatenation * is enabled. * * @since 2.8.0 * @var string */ public $print_html = ''; /** * Holds inline code if concatenation is enabled. * * @since 2.8.0 * @var string */ public $print_code = ''; /** * Holds a list of script handles which are not in the default directory * if concatenation is enabled. * * Unused in core. * * @since 2.8.0 * @var string */ public $ext_handles = ''; /** * Holds a string which contains handles and versions of scripts which * are not in the default directory if concatenation is enabled. * * Unused in core. * * @since 2.8.0 * @var string */ public $ext_version = ''; /** * List of default directories. * * @since 2.8.0 * @var array */ public $default_dirs; /** * Holds a mapping of dependents (as handles) for a given script handle. * Used to optimize recursive dependency tree checks. * * @since 6.3.0 * @var array<string, string[]> */ private $dependents_map = array(); /** * Holds a reference to the delayed (non-blocking) script loading strategies. * Used by methods that validate loading strategies. * * @since 6.3.0 * @var string[] */ private $delayed_strategies = array( 'defer', 'async' ); /** * Constructor. * * @since 2.6.0 */ public function __construct() { $this->init(); add_action( 'init', array( $this, 'init' ), 0 ); } /** * Initialize the class. * * @since 3.4.0 */ public function init() { /** * Fires when the WP_Scripts instance is initialized. * * @since 2.6.0 * * @param WP_Scripts $wp_scripts WP_Scripts instance (passed by reference). */ do_action_ref_array( 'wp_default_scripts', array( &$this ) ); } /** * Prints scripts. * * Prints the scripts passed to it or the print queue. Also prints all necessary dependencies. * * @since 2.1.0 * @since 2.8.0 Added the `$group` parameter. * * @param string|string[]|false $handles Optional. Scripts to be printed: queue (false), * single script (string), or multiple scripts (array of strings). * Default false. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return string[] Handles of scripts that have been printed. */ public function print_scripts( $handles = false, $group = false ) { return $this->do_items( $handles, $group ); } /** * Prints extra scripts of a registered script. * * @since 2.1.0 * @since 2.8.0 Added the `$display` parameter. * @deprecated 3.3.0 * * @see print_extra_script() * * @param string $handle The script's registered handle. * @param bool $display Optional. Whether to print the extra script * instead of just returning it. Default true. * @return bool|string|void Void if no data exists, extra scripts if `$display` is true, * true otherwise. */ public function print_scripts_l10n( $handle, $display = true ) { _deprecated_function( __FUNCTION__, '3.3.0', 'WP_Scripts::print_extra_script()' ); return $this->print_extra_script( $handle, $display ); } /** * Prints extra scripts of a registered script. * * @since 3.3.0 * * @param string $handle The script's registered handle. * @param bool $display Optional. Whether to print the extra script * instead of just returning it. Default true. * @return bool|string|void Void if no data exists, extra scripts if `$display` is true, * true otherwise. */ public function print_extra_script( $handle, $display = true ) { $output = $this->get_data( $handle, 'data' ); if ( ! $output ) { return; } /* * Do not print a sourceURL comment if concatenation is enabled. * * Extra scripts may be concatenated into a single script. * The line-based sourceURL comments may break concatenated scripts * and do not make sense when multiple scripts are joined together. */ if ( ! $this->do_concat ) { $output .= sprintf( "\n//# sourceURL=%s", rawurlencode( "{$handle}-js-extra" ) ); } if ( ! $display ) { return $output; } wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-extra" ) ); return true; } /** * Checks whether all dependents of a given handle are in the footer. * * If there are no dependents, this is considered the same as if all dependents were in the footer. * * @since 6.4.0 * * @param string $handle Script handle. * @return bool Whether all dependents are in the footer. */ private function are_all_dependents_in_footer( $handle ) { foreach ( $this->get_dependents( $handle ) as $dep ) { if ( isset( $this->groups[ $dep ] ) && 0 === $this->groups[ $dep ] ) { return false; } } return true; } /** * Processes a script dependency. * * @since 2.6.0 * @since 2.8.0 Added the `$group` parameter. * * @see WP_Dependencies::do_item() * * @param string $handle The script's registered handle. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return bool True on success, false on failure. */ public function do_item( $handle, $group = false ) { if ( ! parent::do_item( $handle ) ) { return false; } if ( 0 === $group && $this->groups[ $handle ] > 0 ) { $this->in_footer[] = $handle; return false; } if ( false === $group && in_array( $handle, $this->in_footer, true ) ) { $this->in_footer = array_diff( $this->in_footer, (array) $handle ); } $obj = $this->registered[ $handle ]; if ( $obj->extra['conditional'] ?? false ) { return false; } if ( null === $obj->ver ) { $ver = ''; } else { $ver = $obj->ver ? $obj->ver : $this->default_version; } if ( isset( $this->args[ $handle ] ) ) { $ver = $ver ? $ver . '&' . $this->args[ $handle ] : $this->args[ $handle ]; } $src = $obj->src; $strategy = $this->get_eligible_loading_strategy( $handle ); $intended_strategy = (string) $this->get_data( $handle, 'strategy' ); if ( ! $this->is_delayed_strategy( $intended_strategy ) ) { $intended_strategy = ''; } /* * Move this script to the footer if: * 1. The script is in the header group. * 2. The current output is the header. * 3. The intended strategy is delayed. * 4. The actual strategy is not delayed. * 5. All dependent scripts are in the footer. */ if ( 0 === $group && 0 === $this->groups[ $handle ] && $intended_strategy && ! $this->is_delayed_strategy( $strategy ) && $this->are_all_dependents_in_footer( $handle ) ) { $this->in_footer[] = $handle; return false; } $before_script = $this->get_inline_script_tag( $handle, 'before' ); $after_script = $this->get_inline_script_tag( $handle, 'after' ); if ( $before_script || $after_script ) { $inline_script_tag = $before_script . $after_script; } else { $inline_script_tag = ''; } /* * Prevent concatenation of scripts if the text domain is defined * to ensure the dependency order is respected. */ $translations_stop_concat = ! empty( $obj->textdomain ); $translations = $this->print_translations( $handle, false ); if ( $translations ) { /* * The sourceURL comment is not included by WP_Scripts::print_translations() * when `$display` is `false` to prevent issues where the script tag contents are used * by extenders for other purposes, for example concatenated with other script content. * * Include the sourceURL comment here as it would be when printed directly. */ $source_url = rawurlencode( "{$handle}-js-translations" ); $translations .= "\n//# sourceURL={$source_url}"; $translations = wp_get_inline_script_tag( $translations, array( 'id' => "{$handle}-js-translations" ) ); } if ( $this->do_concat ) { /** * Filters the script loader source. * * @since 2.2.0 * * @param string $src Script loader source path. * @param string $handle Script handle. */ $filtered_src = apply_filters( 'script_loader_src', $src, $handle ); if ( $this->in_default_dir( $filtered_src ) && ( $before_script || $after_script || $translations_stop_concat || $this->is_delayed_strategy( $strategy ) ) ) { $this->do_concat = false; // Have to print the so-far concatenated scripts right away to maintain the right order. _print_scripts(); $this->reset(); } elseif ( $this->in_default_dir( $filtered_src ) ) { $this->print_code .= $this->print_extra_script( $handle, false ); $this->concat .= "$handle,"; $this->concat_version .= "$handle$ver"; return true; } else { $this->ext_handles .= "$handle,"; $this->ext_version .= "$handle$ver"; } } $this->print_extra_script( $handle ); // A single item may alias a set of items, by having dependencies, but no source. if ( ! $src ) { if ( $inline_script_tag ) { if ( $this->do_concat ) { $this->print_html .= $inline_script_tag; } else { echo $inline_script_tag; } } return true; } if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $this->content_url && str_starts_with( $src, $this->content_url ) ) ) { $src = $this->base_url . $src; } if ( ! empty( $ver ) ) { $src = add_query_arg( 'ver', $ver, $src ); } /** This filter is documented in wp-includes/class-wp-scripts.php */ $src = esc_url_raw( apply_filters( 'script_loader_src', $src, $handle ) ); if ( ! $src ) { return true; } $attr = array( 'src' => $src, 'id' => "{$handle}-js", ); if ( $strategy ) { $attr[ $strategy ] = true; } if ( $intended_strategy ) { $attr['data-wp-strategy'] = $intended_strategy; } // Determine fetchpriority. $original_fetchpriority = isset( $obj->extra['fetchpriority'] ) ? $obj->extra['fetchpriority'] : null; if ( null === $original_fetchpriority || ! $this->is_valid_fetchpriority( $original_fetchpriority ) ) { $original_fetchpriority = 'auto'; } $actual_fetchpriority = $this->get_highest_fetchpriority_with_dependents( $handle ); if ( null === $actual_fetchpriority ) { // If null, it's likely this script was not explicitly enqueued, so in this case use the original priority. $actual_fetchpriority = $original_fetchpriority; } if ( is_string( $actual_fetchpriority ) && 'auto' !== $actual_fetchpriority ) { $attr['fetchpriority'] = $actual_fetchpriority; } if ( $original_fetchpriority !== $actual_fetchpriority ) { $attr['data-wp-fetchpriority'] = $original_fetchpriority; } $tag = $translations . $before_script; $tag .= wp_get_script_tag( $attr ); $tag .= $after_script; /** * Filters the HTML script tag of an enqueued script. * * @since 4.1.0 * * @param string $tag The `<script>` tag for the enqueued script. * @param string $handle The script's registered handle. * @param string $src The script's source URL. */ $tag = apply_filters( 'script_loader_tag', $tag, $handle, $src ); if ( $this->do_concat ) { $this->print_html .= $tag; } else { echo $tag; } return true; } /** * Adds extra code to a registered script. * * @since 4.5.0 * * @param string $handle Name of the script to add the inline script to. * Must be lowercase. * @param string $data String containing the JavaScript to be added. * @param string $position Optional. Whether to add the inline script * before the handle or after. Default 'after'. * @return bool True on success, false on failure. */ public function add_inline_script( $handle, $data, $position = 'after' ) { if ( ! $data ) { return false; } if ( 'after' !== $position ) { $position = 'before'; } $script = (array) $this->get_data( $handle, $position ); $script[] = $data; return $this->add_data( $handle, $position, $script ); } /** * Prints inline scripts registered for a specific handle. * * @since 4.5.0 * @deprecated 6.3.0 Use methods get_inline_script_tag() or get_inline_script_data() instead. * * @param string $handle Name of the script to print inline scripts for. * Must be lowercase. * @param string $position Optional. Whether to add the inline script * before the handle or after. Default 'after'. * @param bool $display Optional. Whether to print the script tag * instead of just returning the script data. Default true. * @return string|false Script data on success, false otherwise. */ public function print_inline_script( $handle, $position = 'after', $display = true ) { _deprecated_function( __METHOD__, '6.3.0', 'WP_Scripts::get_inline_script_data() or WP_Scripts::get_inline_script_tag()' ); $output = $this->get_inline_script_data( $handle, $position ); if ( empty( $output ) ) { return false; } if ( $display ) { echo $this->get_inline_script_tag( $handle, $position ); } return $output; } /** * Gets data for inline scripts registered for a specific handle. * * @since 6.3.0 * * @param string $handle Name of the script to get data for. * Must be lowercase. * @param string $position Optional. Whether to add the inline script * before the handle or after. Default 'after'. * @return string Inline script, which may be empty string. */ public function get_inline_script_data( $handle, $position = 'after' ) { $data = $this->get_data( $handle, $position ); if ( empty( $data ) || ! is_array( $data ) ) { return ''; } /* * Print sourceURL comment regardless of concatenation. * * Inline scripts prevent scripts from being concatenated, so * sourceURL comments are safe to print for inline scripts. */ $data[] = sprintf( '//# sourceURL=%s', rawurlencode( "{$handle}-js-{$position}" ) ); return trim( implode( "\n", $data ), "\n" ); } /** * Gets tags for inline scripts registered for a specific handle. * * @since 6.3.0 * * @param string $handle Name of the script to get associated inline script tag for. * Must be lowercase. * @param string $position Optional. Whether to get tag for inline * scripts in the before or after position. Default 'after'. * @return string Inline script, which may be empty string. */ public function get_inline_script_tag( $handle, $position = 'after' ) { $js = $this->get_inline_script_data( $handle, $position ); if ( empty( $js ) ) { return ''; } $id = "{$handle}-js-{$position}"; return wp_get_inline_script_tag( $js, compact( 'id' ) ); } /** * Localizes a script, only if the script has already been added. * * @since 2.1.0 * * @param string $handle Name of the script to attach data to. * @param string $object_name Name of the variable that will contain the data. * @param array $l10n Array of data to localize. * @return bool True on success, false on failure. */ public function localize( $handle, $object_name, $l10n ) { if ( 'jquery' === $handle ) { $handle = 'jquery-core'; } if ( is_array( $l10n ) && isset( $l10n['l10n_print_after'] ) ) { // back compat, preserve the code in 'l10n_print_after' if present. $after = $l10n['l10n_print_after']; unset( $l10n['l10n_print_after'] ); } if ( ! is_array( $l10n ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $l10n, 2: wp_add_inline_script() */ __( 'The %1$s parameter must be an array. To pass arbitrary data to scripts, use the %2$s function instead.' ), '<code>$l10n</code>', '<code>wp_add_inline_script()</code>' ), '5.7.0' ); if ( false === $l10n ) { // This should really not be needed, but is necessary for backward compatibility. $l10n = array( $l10n ); } } if ( is_string( $l10n ) ) { $l10n = html_entity_decode( $l10n, ENT_QUOTES, 'UTF-8' ); } elseif ( is_array( $l10n ) ) { foreach ( $l10n as $key => $value ) { if ( ! is_scalar( $value ) ) { continue; } $l10n[ $key ] = html_entity_decode( (string) $value, ENT_QUOTES, 'UTF-8' ); } } $script = "var $object_name = " . wp_json_encode( $l10n, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ';'; if ( ! empty( $after ) ) { $script .= "\n$after;"; } $data = $this->get_data( $handle, 'data' ); if ( ! empty( $data ) ) { $script = "$data\n$script"; } return $this->add_data( $handle, 'data', $script ); } /** * Sets handle group. * * @since 2.8.0 * * @see WP_Dependencies::set_group() * * @param string $handle Name of the item. Should be unique. * @param bool $recursion Internal flag that calling function was called recursively. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return bool Not already in the group or a lower group. */ public function set_group( $handle, $recursion, $group = false ) { if ( isset( $this->registered[ $handle ]->args ) && 1 === $this->registered[ $handle ]->args ) { $calculated_group = 1; } else { $calculated_group = (int) $this->get_data( $handle, 'group' ); } if ( false !== $group && $calculated_group > $group ) { $calculated_group = $group; } return parent::set_group( $handle, $recursion, $calculated_group ); } /** * Sets a translation textdomain. * * @since 5.0.0 * @since 5.1.0 The `$domain` parameter was made optional. * * @param string $handle Name of the script to register a translation domain to. * @param string $domain Optional. Text domain. Default 'default'. * @param string $path Optional. The full file path to the directory containing translation files. * @return bool True if the text domain was registered, false if not. */ public function set_translations( $handle, $domain = 'default', $path = '' ) { if ( ! isset( $this->registered[ $handle ] ) ) { return false; } /** @var \_WP_Dependency $obj */ $obj = $this->registered[ $handle ]; if ( ! in_array( 'wp-i18n', $obj->deps, true ) ) { $obj->deps[] = 'wp-i18n'; } return $obj->set_translations( $domain, $path ); } /** * Prints translations set for a specific handle. * * @since 5.0.0 * * @param string $handle Name of the script to add the inline script to. * Must be lowercase. * @param bool $display Optional. Whether to print the script * instead of just returning it. Default true. * @return string|false Script on success, false otherwise. */ public function print_translations( $handle, $display = true ) { if ( ! isset( $this->registered[ $handle ] ) || empty( $this->registered[ $handle ]->textdomain ) ) { return false; } $domain = $this->registered[ $handle ]->textdomain; $path = ''; if ( isset( $this->registered[ $handle ]->translations_path ) ) { $path = $this->registered[ $handle ]->translations_path; } $json_translations = load_script_textdomain( $handle, $domain, $path ); if ( ! $json_translations ) { return false; } $output = <<<JS ( function( domain, translations ) { var localeData = translations.locale_data[ domain ] || translations.locale_data.messages; localeData[""].domain = domain; wp.i18n.setLocaleData( localeData, domain ); } )( "{$domain}", {$json_translations} ); JS; if ( $display ) { $source_url = rawurlencode( "{$handle}-js-translations" ); $output .= "\n//# sourceURL={$source_url}"; wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-translations" ) ); } return $output; } /** * Determines script dependencies. * * @since 2.1.0 * * @see WP_Dependencies::all_deps() * * @param string|string[] $handles Item handle (string) or item handles (array of strings). * @param bool $recursion Optional. Internal flag that function is calling itself. * Default false. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return bool True on success, false on failure. */ public function all_deps( $handles, $recursion = false, $group = false ) { $result = parent::all_deps( $handles, $recursion, $group ); if ( ! $recursion ) { /** * Filters the list of script dependencies left to print. * * @since 2.3.0 * * @param string[] $to_do An array of script dependency handles. */ $this->to_do = apply_filters( 'print_scripts_array', $this->to_do ); } return $result; } /** * Processes items and dependencies for the head group. * * @since 2.8.0 * * @see WP_Dependencies::do_items() * * @return string[] Handles of items that have been processed. */ public function do_head_items() { $this->do_items( false, 0 ); return $this->done; } /** * Processes items and dependencies for the footer group. * * @since 2.8.0 * * @see WP_Dependencies::do_items() * * @return string[] Handles of items that have been processed. */ public function do_footer_items() { $this->do_items( false, 1 ); return $this->done; } /** * Whether a handle's source is in a default directory. * * @since 2.8.0 * * @param string $src The source of the enqueued script. * @return bool True if found, false if not. */ public function in_default_dir( $src ) { if ( ! $this->default_dirs ) { return true; } if ( str_starts_with( $src, '/' . WPINC . '/js/l10n' ) ) { return false; } foreach ( (array) $this->default_dirs as $test ) { if ( str_starts_with( $src, $test ) ) { return true; } } return false; } /** * This overrides the add_data method from WP_Dependencies, to support normalizing of $args. * * @since 6.3.0 * * @param string $handle Name of the item. Should be unique. * @param string $key The data key. * @param mixed $value The data value. * @return bool True on success, false on failure. */ public function add_data( $handle, $key, $value ) { if ( ! isset( $this->registered[ $handle ] ) ) { return false; } if ( 'conditional' === $key ) { // If a dependency is declared by a conditional script, remove it. $this->registered[ $handle ]->deps = array(); } if ( 'strategy' === $key ) { if ( ! empty( $value ) && ! $this->is_delayed_strategy( $value ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $strategy, 2: $handle */ __( 'Invalid strategy `%1$s` defined for `%2$s` during script registration.' ), $value, $handle ), '6.3.0' ); return false; } elseif ( ! $this->registered[ $handle ]->src && $this->is_delayed_strategy( $value ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $strategy, 2: $handle */ __( 'Cannot supply a strategy `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ), $value, $handle ), '6.3.0' ); return false; } } elseif ( 'fetchpriority' === $key ) { if ( empty( $value ) ) { $value = 'auto'; } if ( ! $this->is_valid_fetchpriority( $value ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $fetchpriority, 2: $handle */ __( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ), is_string( $value ) ? $value : gettype( $value ), $handle ), '6.9.0' ); return false; } elseif ( ! $this->registered[ $handle ]->src ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $fetchpriority, 2: $handle */ __( 'Cannot supply a fetchpriority `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ), is_string( $value ) ? $value : gettype( $value ), $handle ), '6.9.0' ); return false; } } return parent::add_data( $handle, $key, $value ); } /** * Gets all dependents of a script. * * This is not recursive. * * @since 6.3.0 * * @param string $handle The script handle. * @return string[] Script handles. */ private function get_dependents( $handle ) { // Check if dependents map for the handle in question is present. If so, use it. if ( isset( $this->dependents_map[ $handle ] ) ) { return $this->dependents_map[ $handle ]; } $dependents = array(); // Iterate over all registered scripts, finding dependents of the script passed to this method. foreach ( $this->registered as $registered_handle => $args ) { if ( in_array( $handle, $args->deps, true ) ) { $dependents[] = $registered_handle; } } // Add the handles dependents to the map to ease future lookups. $this->dependents_map[ $handle ] = $dependents; return $dependents; } /** * Checks if the strategy passed is a valid delayed (non-blocking) strategy. * * @since 6.3.0 * * @param string|mixed $strategy The strategy to check. * @return bool True if $strategy is one of the delayed strategies, otherwise false. */ private function is_delayed_strategy( $strategy ): bool { return in_array( $strategy, $this->delayed_strategies, true ); } /** * Checks if the provided fetchpriority is valid. * * @since 6.9.0 * * @param string|mixed $priority Fetch priority. * @return bool Whether valid fetchpriority. */ private function is_valid_fetchpriority( $priority ): bool { return in_array( $priority, array( 'auto', 'low', 'high' ), true ); } /** * Gets the best eligible loading strategy for a script. * * @since 6.3.0 * * @param string $handle The script handle. * @return string The best eligible loading strategy. */ private function get_eligible_loading_strategy( $handle ) { $intended_strategy = (string) $this->get_data( $handle, 'strategy' ); // Bail early if there is no intended strategy. if ( ! $intended_strategy ) { return ''; } /* * If the intended strategy is 'defer', limit the initial list of eligible * strategies, since 'async' can fallback to 'defer', but not vice-versa. */ $initial_strategy = ( 'defer' === $intended_strategy ) ? array( 'defer' ) : null; $eligible_strategies = $this->filter_eligible_strategies( $handle, $initial_strategy ); // Return early once we know the eligible strategy is blocking. if ( empty( $eligible_strategies ) ) { return ''; } return in_array( 'async', $eligible_strategies, true ) ? 'async' : 'defer'; } /** * Filter the list of eligible loading strategies for a script. * * @since 6.3.0 * * @param string $handle The script handle. * @param string[]|null $eligible_strategies Optional. The list of strategies to filter. Default null. * @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops. * @param array<string, string[]> $stored_results Optional. An array of already computed eligible loading strategies by handle, used to increase performance in large dependency lists. * @return string[] A list of eligible loading strategies that could be used. */ private function filter_eligible_strategies( $handle, $eligible_strategies = null, $checked = array(), array &$stored_results = array() ) { if ( isset( $stored_results[ $handle ] ) ) { return $stored_results[ $handle ]; } // If no strategies are being passed, all strategies are eligible. if ( null === $eligible_strategies ) { $eligible_strategies = $this->delayed_strategies; } // If this handle was already checked, return early. if ( isset( $checked[ $handle ] ) ) { return $eligible_strategies; } // Mark this handle as checked. $checked[ $handle ] = true; // If this handle isn't registered, don't filter anything and return. if ( ! isset( $this->registered[ $handle ] ) ) { return $eligible_strategies; } // If the handle is not enqueued, don't filter anything and return. if ( ! $this->query( $handle, 'enqueued' ) ) { return $eligible_strategies; } $is_alias = (bool) ! $this->registered[ $handle ]->src; $intended_strategy = $this->get_data( $handle, 'strategy' ); // For non-alias handles, an empty intended strategy filters all strategies. if ( ! $is_alias && empty( $intended_strategy ) ) { return array(); } // Handles with inline scripts attached in the 'after' position cannot be delayed. if ( $this->has_inline_script( $handle, 'after' ) ) { return array(); } // If the intended strategy is 'defer', filter out 'async'. if ( 'defer' === $intended_strategy ) { $eligible_strategies = array( 'defer' ); } $dependents = $this->get_dependents( $handle ); // Recursively filter eligible strategies for dependents. foreach ( $dependents as $dependent ) { // Bail early once we know the eligible strategy is blocking. if ( empty( $eligible_strategies ) ) { return array(); } $eligible_strategies = $this->filter_eligible_strategies( $dependent, $eligible_strategies, $checked, $stored_results ); } $stored_results[ $handle ] = $eligible_strategies; return $eligible_strategies; } /** * Gets the highest fetch priority for a given script and all of its dependent scripts. * * @since 6.9.0 * @see self::filter_eligible_strategies() * @see WP_Script_Modules::get_highest_fetchpriority() * * @param string $handle Script module ID. * @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops. * @param array<string, string> $stored_results Optional. An array of already computed max priority by handle, used to increase performance in large dependency lists. * @return string|null Highest fetch priority for the script and its dependents. */ private function get_highest_fetchpriority_with_dependents( string $handle, array $checked = array(), array &$stored_results = array() ): ?string { if ( isset( $stored_results[ $handle ] ) ) { return $stored_results[ $handle ]; } // If there is a recursive dependency, return early. if ( isset( $checked[ $handle ] ) ) { return null; } // Mark this handle as checked to guard against infinite recursion. $checked[ $handle ] = true; // Abort if the script is not enqueued or a dependency of an enqueued script. if ( ! $this->query( $handle, 'enqueued' ) ) { return null; } $fetchpriority = $this->get_data( $handle, 'fetchpriority' ); if ( ! $this->is_valid_fetchpriority( $fetchpriority ) ) { $fetchpriority = 'auto'; } static $priorities = array( 'low', 'auto', 'high', ); $high_priority_index = count( $priorities ) - 1; $highest_priority_index = (int) array_search( $fetchpriority, $priorities, true ); if ( $highest_priority_index !== $high_priority_index ) { foreach ( $this->get_dependents( $handle ) as $dependent_handle ) { $dependent_priority = $this->get_highest_fetchpriority_with_dependents( $dependent_handle, $checked, $stored_results ); if ( is_string( $dependent_priority ) ) { $highest_priority_index = max( $highest_priority_index, (int) array_search( $dependent_priority, $priorities, true ) ); if ( $highest_priority_index === $high_priority_index ) { break; } } } } $stored_results[ $handle ] = $priorities[ $highest_priority_index ]; // @phpstan-ignore parameterByRef.type (We know the index is valid and that this will be a string.) return $priorities[ $highest_priority_index ]; } /** * Gets data for inline scripts registered for a specific handle. * * @since 6.3.0 * * @param string $handle Name of the script to get data for. Must be lowercase. * @param string $position The position of the inline script. * @return bool Whether the handle has an inline script (either before or after). */ private function has_inline_script( $handle, $position = null ) { if ( $position && in_array( $position, array( 'before', 'after' ), true ) ) { return (bool) $this->get_data( $handle, $position ); } return (bool) ( $this->get_data( $handle, 'before' ) || $this->get_data( $handle, 'after' ) ); } /** * Resets class properties. * * @since 2.8.0 */ public function reset() { $this->do_concat = false; $this->print_code = ''; $this->concat = ''; $this->concat_version = ''; $this->print_html = ''; $this->ext_version = ''; $this->ext_handles = ''; } /** * Gets a script-specific dependency warning message. * * @since 6.9.1 * * @param string $handle Script handle with missing dependencies. * @param string[] $missing_dependency_handles Missing dependency handles. * @return string Formatted, localized warning message. */ protected function get_dependency_warning_message( $handle, $missing_dependency_handles ) { return sprintf( /* translators: 1: Script handle, 2: List of missing dependency handles. */ __( 'The script with the handle "%1$s" was enqueued with dependencies that are not registered: %2$s.' ), $handle, implode( wp_get_list_item_separator(), $missing_dependency_handles ) ); } } speculative-loading.php 0000666 00000020630 15225074365 0011232 0 ustar 00 <?php /** * Speculative loading functions. * * @package WordPress * @subpackage Speculative Loading * @since 6.8.0 */ /** * Returns the speculation rules configuration. * * @since 6.8.0 * * @return array<string, string>|null Associative array with 'mode' and 'eagerness' keys, or null if speculative * loading is disabled. */ function wp_get_speculation_rules_configuration(): ?array { // By default, speculative loading is only enabled for sites with pretty permalinks when no user is logged in. if ( ! is_user_logged_in() && get_option( 'permalink_structure' ) ) { $config = array( 'mode' => 'auto', 'eagerness' => 'auto', ); } else { $config = null; } /** * Filters the way that speculation rules are configured. * * The Speculation Rules API is a web API that allows to automatically prefetch or prerender certain URLs on the * page, which can lead to near-instant page load times. This is also referred to as speculative loading. * * There are two aspects to the configuration: * * The "mode" (whether to "prefetch" or "prerender" URLs). * * The "eagerness" (whether to speculatively load URLs in an "eager", "moderate", or "conservative" way). * * By default, the speculation rules configuration is decided by WordPress Core ("auto"). This filter can be used * to force a certain configuration, which could for instance load URLs more or less eagerly. * * For logged-in users or for sites that are not configured to use pretty permalinks, the default value is `null`, * indicating that speculative loading is entirely disabled. * * @since 6.8.0 * @see https://developer.chrome.com/docs/web-platform/prerender-pages * * @param array<string, string>|null $config Associative array with 'mode' and 'eagerness' keys, or `null`. The * default value for both of the keys is 'auto'. Other possible values * for 'mode' are 'prefetch' and 'prerender'. Other possible values for * 'eagerness' are 'eager', 'moderate', and 'conservative'. The value * `null` is used to disable speculative loading entirely. */ $config = apply_filters( 'wp_speculation_rules_configuration', $config ); // Allow the value `null` to indicate that speculative loading is disabled. if ( null === $config ) { return null; } // Sanitize the configuration and replace 'auto' with current defaults. $default_mode = 'prefetch'; $default_eagerness = 'conservative'; if ( ! is_array( $config ) ) { return array( 'mode' => $default_mode, 'eagerness' => $default_eagerness, ); } if ( ! isset( $config['mode'] ) || 'auto' === $config['mode'] || ! WP_Speculation_Rules::is_valid_mode( $config['mode'] ) ) { $config['mode'] = $default_mode; } if ( ! isset( $config['eagerness'] ) || 'auto' === $config['eagerness'] || ! WP_Speculation_Rules::is_valid_eagerness( $config['eagerness'] ) || // 'immediate' is a valid eagerness, but for safety WordPress does not allow it for document-level rules. 'immediate' === $config['eagerness'] ) { $config['eagerness'] = $default_eagerness; } return array( 'mode' => $config['mode'], 'eagerness' => $config['eagerness'], ); } /** * Returns the full speculation rules data based on the configuration. * * Plugins with features that rely on frontend URLs to exclude from prefetching or prerendering should use the * {@see 'wp_speculation_rules_href_exclude_paths'} filter to ensure those URL patterns are excluded. * * Additional speculation rules other than the default rule from WordPress Core can be provided by using the * {@see 'wp_load_speculation_rules'} action and amending the passed WP_Speculation_Rules object. * * @since 6.8.0 * @access private * * @return WP_Speculation_Rules|null Object representing the speculation rules to use, or null if speculative loading * is disabled in the current context. */ function wp_get_speculation_rules(): ?WP_Speculation_Rules { $configuration = wp_get_speculation_rules_configuration(); if ( null === $configuration ) { return null; } $mode = $configuration['mode']; $eagerness = $configuration['eagerness']; $prefixer = new WP_URL_Pattern_Prefixer(); $base_href_exclude_paths = array( $prefixer->prefix_path_pattern( '/wp-*.php', 'site' ), $prefixer->prefix_path_pattern( '/wp-admin/*', 'site' ), $prefixer->prefix_path_pattern( '/*', 'uploads' ), $prefixer->prefix_path_pattern( '/*', 'content' ), $prefixer->prefix_path_pattern( '/*', 'plugins' ), $prefixer->prefix_path_pattern( '/*', 'template' ), $prefixer->prefix_path_pattern( '/*', 'stylesheet' ), ); /* * If pretty permalinks are enabled, exclude any URLs with query parameters. * Otherwise, exclude specifically the URLs with a `_wpnonce` query parameter or any other query parameter * containing the word `nonce`. */ if ( get_option( 'permalink_structure' ) ) { $base_href_exclude_paths[] = $prefixer->prefix_path_pattern( '/*\\?(.+)', 'home' ); } else { $base_href_exclude_paths[] = $prefixer->prefix_path_pattern( '/*\\?*(^|&)*nonce*=*', 'home' ); } /** * Filters the paths for which speculative loading should be disabled. * * All paths should start in a forward slash, relative to the root document. The `*` can be used as a wildcard. * If the WordPress site is in a subdirectory, the exclude paths will automatically be prefixed as necessary. * * Note that WordPress always excludes certain path patterns such as `/wp-login.php` and `/wp-admin/*`, and those * cannot be modified using the filter. * * @since 6.8.0 * * @param string[] $href_exclude_paths Additional path patterns to disable speculative loading for. * @param string $mode Mode used to apply speculative loading. Either 'prefetch' or 'prerender'. */ $href_exclude_paths = (array) apply_filters( 'wp_speculation_rules_href_exclude_paths', array(), $mode ); // Ensure that: // 1. There are no duplicates. // 2. The base paths cannot be removed. // 3. The array has sequential keys (i.e. array_is_list()). $href_exclude_paths = array_values( array_unique( array_merge( $base_href_exclude_paths, array_map( static function ( string $href_exclude_path ) use ( $prefixer ): string { return $prefixer->prefix_path_pattern( $href_exclude_path ); }, $href_exclude_paths ) ) ) ); $speculation_rules = new WP_Speculation_Rules(); $main_rule_conditions = array( // Include any URLs within the same site. array( 'href_matches' => $prefixer->prefix_path_pattern( '/*' ), ), // Except for excluded paths. array( 'not' => array( 'href_matches' => $href_exclude_paths, ), ), // Also exclude rel=nofollow links, as certain plugins use that on their links that perform an action. array( 'not' => array( 'selector_matches' => 'a[rel~="nofollow"]', ), ), // Also exclude links that are explicitly marked to opt out, either directly or via a parent element. array( 'not' => array( 'selector_matches' => ".no-{$mode}, .no-{$mode} a", ), ), ); // If using 'prerender', also exclude links that opt out of 'prefetch' because it's part of 'prerender'. if ( 'prerender' === $mode ) { $main_rule_conditions[] = array( 'not' => array( 'selector_matches' => '.no-prefetch, .no-prefetch a', ), ); } $speculation_rules->add_rule( $mode, 'main', array( 'source' => 'document', 'where' => array( 'and' => $main_rule_conditions, ), 'eagerness' => $eagerness, ) ); /** * Fires when speculation rules data is loaded, allowing to amend the rules. * * @since 6.8.0 * * @param WP_Speculation_Rules $speculation_rules Object representing the speculation rules to use. */ do_action( 'wp_load_speculation_rules', $speculation_rules ); return $speculation_rules; } /** * Prints the speculation rules. * * For browsers that do not support speculation rules yet, the `script[type="speculationrules"]` tag will be ignored. * * @since 6.8.0 * @access private */ function wp_print_speculation_rules(): void { $speculation_rules = wp_get_speculation_rules(); if ( null === $speculation_rules ) { return; } wp_print_inline_script_tag( (string) wp_json_encode( $speculation_rules, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), array( 'type' => 'speculationrules' ) ); } https-detection-20260605080431.php 0000666 00000013341 15225074365 0011774 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605114228.php 0000666 00000011205 15225074365 0012006 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } template-canvas.php 0000666 00000001040 15225074365 0010351 0 ustar 00 <?php /** * Template canvas file to render the current 'wp_template'. * * @package WordPress */ /* * Get the template HTML. * This needs to run before <head> so that blocks can add scripts and styles in wp_head(). */ $template_html = get_the_block_template_html(); ?><!DOCTYPE html> <html <?php language_attributes(); ?>> <head> <meta charset="<?php bloginfo( 'charset' ); ?>" /> <?php wp_head(); ?> </head> <body <?php body_class(); ?>> <?php wp_body_open(); ?> <?php echo $template_html; ?> <?php wp_footer(); ?> </body> </html> class-wp-comment.php 0000666 00000022335 15225074365 0010470 0 ustar 00 <?php /** * Comment API: WP_Comment class * * @package WordPress * @subpackage Comments * @since 4.4.0 */ /** * Core class used to organize comments as instantiated objects with defined members. * * @since 4.4.0 */ #[AllowDynamicProperties] final class WP_Comment { /** * Comment ID. * * A numeric string, for compatibility reasons. * * @since 4.4.0 * @var string */ public $comment_ID; /** * ID of the post the comment is associated with. * * A numeric string, for compatibility reasons. * * @since 4.4.0 * @var string */ public $comment_post_ID = '0'; /** * Comment author name. * * @since 4.4.0 * @var string */ public $comment_author = ''; /** * Comment author email address. * * @since 4.4.0 * @var string */ public $comment_author_email = ''; /** * Comment author URL. * * @since 4.4.0 * @var string */ public $comment_author_url = ''; /** * Comment author IP address (IPv4 format). * * @since 4.4.0 * @var string */ public $comment_author_IP = ''; /** * Comment date in YYYY-MM-DD HH:MM:SS format. * * @since 4.4.0 * @var string */ public $comment_date = '0000-00-00 00:00:00'; /** * Comment GMT date in YYYY-MM-DD HH::MM:SS format. * * @since 4.4.0 * @var string */ public $comment_date_gmt = '0000-00-00 00:00:00'; /** * Comment content. * * @since 4.4.0 * @var string */ public $comment_content; /** * Comment karma count. * * A numeric string, for compatibility reasons. * * @since 4.4.0 * @var string */ public $comment_karma = '0'; /** * Comment approval status. * * @since 4.4.0 * @var string */ public $comment_approved = '1'; /** * Comment author HTTP user agent. * * @since 4.4.0 * @var string */ public $comment_agent = ''; /** * Comment type. * * @since 4.4.0 * @since 5.5.0 Default value changed to `comment`. * @var string */ public $comment_type = 'comment'; /** * Parent comment ID. * * A numeric string, for compatibility reasons. * * @since 4.4.0 * @var string */ public $comment_parent = '0'; /** * Comment author ID. * * A numeric string, for compatibility reasons. * * @since 4.4.0 * @var string */ public $user_id = '0'; /** * Comment children. * * @since 4.4.0 * @var array */ protected $children; /** * Whether children have been populated for this comment object. * * @since 4.4.0 * @var bool */ protected $populated_children = false; /** * Post fields. * * @since 4.4.0 * @var array */ protected $post_fields = array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'comment_status', 'ping_status', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_content_filtered', 'post_parent', 'guid', 'menu_order', 'post_type', 'post_mime_type', 'comment_count' ); /** * Retrieves a WP_Comment instance. * * @since 4.4.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $id Comment ID. * @return WP_Comment|false Comment object, otherwise false. */ public static function get_instance( $id ) { global $wpdb; $comment_id = (int) $id; if ( ! $comment_id ) { return false; } $_comment = wp_cache_get( $comment_id, 'comment' ); if ( ! $_comment ) { $_comment = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment_id ) ); if ( ! $_comment ) { return false; } wp_cache_add( $_comment->comment_ID, $_comment, 'comment' ); } return new WP_Comment( $_comment ); } /** * Constructor. * * Populates properties with object vars. * * @since 4.4.0 * * @param WP_Comment $comment Comment object. */ public function __construct( $comment ) { foreach ( get_object_vars( $comment ) as $key => $value ) { $this->$key = $value; } } /** * Converts object to array. * * @since 4.4.0 * * @return array Object as array. */ public function to_array() { return get_object_vars( $this ); } /** * Gets the children of a comment. * * @since 4.4.0 * * @param array $args { * Array of arguments used to pass to get_comments() and determine format. * * @type string $format Return value format. 'tree' for a hierarchical tree, 'flat' for a flattened array. * Default 'tree'. * @type string $status Comment status to limit results by. Accepts 'hold' (`comment_status=0`), * 'approve' (`comment_status=1`), 'all', or a custom comment status. * Default 'all'. * @type string $hierarchical Whether to include comment descendants in the results. * 'threaded' returns a tree, with each comment's children * stored in a `children` property on the `WP_Comment` object. * 'flat' returns a flat array of found comments plus their children. * Pass `false` to leave out descendants. * The parameter is ignored (forced to `false`) when `$fields` is 'ids' or 'counts'. * Accepts 'threaded', 'flat', or false. Default: 'threaded'. * @type string|array $orderby Comment status or array of statuses. To use 'meta_value' * or 'meta_value_num', `$meta_key` must also be defined. * To sort by a specific `$meta_query` clause, use that * clause's array key. Accepts 'comment_agent', * 'comment_approved', 'comment_author', * 'comment_author_email', 'comment_author_IP', * 'comment_author_url', 'comment_content', 'comment_date', * 'comment_date_gmt', 'comment_ID', 'comment_karma', * 'comment_parent', 'comment_post_ID', 'comment_type', * 'user_id', 'comment__in', 'meta_value', 'meta_value_num', * the value of $meta_key, and the array keys of * `$meta_query`. Also accepts false, an empty array, or * 'none' to disable `ORDER BY` clause. * } * @return WP_Comment[] Array of `WP_Comment` objects. */ public function get_children( $args = array() ) { $defaults = array( 'format' => 'tree', 'status' => 'all', 'hierarchical' => 'threaded', 'orderby' => '', ); $_args = wp_parse_args( $args, $defaults ); $_args['parent'] = $this->comment_ID; if ( is_null( $this->children ) ) { if ( $this->populated_children ) { $this->children = array(); } else { $this->children = get_comments( $_args ); } } if ( 'flat' === $_args['format'] ) { $children = array(); foreach ( $this->children as $child ) { $child_args = $_args; $child_args['format'] = 'flat'; // get_children() resets this value automatically. unset( $child_args['parent'] ); $children = array_merge( $children, array( $child ), $child->get_children( $child_args ) ); } } else { $children = $this->children; } return $children; } /** * Adds a child to the comment. * * Used by `WP_Comment_Query` when bulk-filling descendants. * * @since 4.4.0 * * @param WP_Comment $child Child comment. */ public function add_child( WP_Comment $child ) { $this->children[ $child->comment_ID ] = $child; } /** * Gets a child comment by ID. * * @since 4.4.0 * * @param int $child_id ID of the child. * @return WP_Comment|false Returns the comment object if found, otherwise false. */ public function get_child( $child_id ) { if ( isset( $this->children[ $child_id ] ) ) { return $this->children[ $child_id ]; } return false; } /** * Sets the 'populated_children' flag. * * This flag is important for ensuring that calling `get_children()` on a childless comment will not trigger * unneeded database queries. * * @since 4.4.0 * * @param bool $set Whether the comment's children have already been populated. */ public function populated_children( $set ) { $this->populated_children = (bool) $set; } /** * Determines whether a non-public property is set. * * If `$name` matches a post field, the comment post will be loaded and the post's value checked. * * @since 4.4.0 * * @param string $name Property to check if set. * @return bool Whether the property is set. */ public function __isset( $name ) { if ( in_array( $name, $this->post_fields, true ) && 0 !== (int) $this->comment_post_ID ) { $post = get_post( $this->comment_post_ID ); return property_exists( $post, $name ); } return false; } /** * Magic getter. * * If `$name` matches a post field, the comment post will be loaded and the post's value returned. * * @since 4.4.0 * * @param string $name Property name. * @return mixed */ public function __get( $name ) { if ( in_array( $name, $this->post_fields, true ) ) { $post = get_post( $this->comment_post_ID ); return $post->$name; } } } https-detection-20260605034026.php 0000666 00000013341 15225074365 0011773 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260613232255.php 0000666 00000013341 15225074365 0011776 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605022840.php 0000666 00000013341 15225074365 0011774 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605080452.php 0000666 00000013341 15225074365 0011777 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605080358.php 0000666 00000013341 15225074365 0012004 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605081608.php 0000666 00000013341 15225074365 0012003 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260623210321.php 0000666 00000013341 15225074365 0011765 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260606112432.php 0000666 00000011205 15225074365 0012002 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } embed-content.php 0000666 00000006634 15225074365 0010027 0 ustar 00 <?php /** * Contains the post embed content template part * * When a post is embedded in an iframe, this file is used to create the content template part * output if the active theme does not include an embed-content.php template. * * @package WordPress * @subpackage Theme_Compat * @since 4.5.0 */ ?> <div <?php post_class( 'wp-embed' ); ?>> <?php $thumbnail_id = 0; if ( has_post_thumbnail() ) { $thumbnail_id = get_post_thumbnail_id(); } if ( 'attachment' === get_post_type() && wp_attachment_is_image() ) { $thumbnail_id = get_the_ID(); } /** * Filters the thumbnail image ID for use in the embed template. * * @since 4.9.0 * * @param int|false $thumbnail_id Attachment ID, or false if there is none. */ $thumbnail_id = apply_filters( 'embed_thumbnail_id', $thumbnail_id ); if ( $thumbnail_id ) { $aspect_ratio = 1; $measurements = array( 1, 1 ); $image_size = 'full'; // Fallback. $meta = wp_get_attachment_metadata( $thumbnail_id ); if ( ! empty( $meta['sizes'] ) ) { foreach ( $meta['sizes'] as $size => $data ) { if ( $data['height'] > 0 && $data['width'] / $data['height'] > $aspect_ratio ) { $aspect_ratio = $data['width'] / $data['height']; $measurements = array( $data['width'], $data['height'] ); $image_size = $size; } } } /** * Filters the thumbnail image size for use in the embed template. * * @since 4.4.0 * @since 4.5.0 Added `$thumbnail_id` parameter. * * @param string $image_size Thumbnail image size. * @param int $thumbnail_id Attachment ID. */ $image_size = apply_filters( 'embed_thumbnail_image_size', $image_size, $thumbnail_id ); $shape = $measurements[0] / $measurements[1] >= 1.75 ? 'rectangular' : 'square'; /** * Filters the thumbnail shape for use in the embed template. * * Rectangular images are shown above the title while square images * are shown next to the content. * * @since 4.4.0 * @since 4.5.0 Added `$thumbnail_id` parameter. * * @param string $shape Thumbnail image shape. Either 'rectangular' or 'square'. * @param int $thumbnail_id Attachment ID. */ $shape = apply_filters( 'embed_thumbnail_image_shape', $shape, $thumbnail_id ); } if ( $thumbnail_id && 'rectangular' === $shape ) : ?> <div class="wp-embed-featured-image rectangular"> <a href="<?php the_permalink(); ?>" target="_top"> <?php echo wp_get_attachment_image( $thumbnail_id, $image_size ); ?> </a> </div> <?php endif; ?> <p class="wp-embed-heading"> <a href="<?php the_permalink(); ?>" target="_top"> <?php the_title(); ?> </a> </p> <?php if ( $thumbnail_id && 'square' === $shape ) : ?> <div class="wp-embed-featured-image square"> <a href="<?php the_permalink(); ?>" target="_top"> <?php echo wp_get_attachment_image( $thumbnail_id, $image_size ); ?> </a> </div> <?php endif; ?> <div class="wp-embed-excerpt"><?php the_excerpt_embed(); ?></div> <?php /** * Prints additional content after the embed excerpt. * * @since 4.4.0 */ do_action( 'embed_content' ); ?> <div class="wp-embed-footer"> <?php the_embed_site_title(); ?> <div class="wp-embed-meta"> <?php /** * Prints additional meta content in the embed template. * * @since 4.4.0 */ do_action( 'embed_content_meta' ); ?> </div> </div> </div> <?php https-migration-20260606042005.php 0000666 00000011205 15225074365 0012000 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605225728.php 0000666 00000011205 15225074365 0012016 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } sidebar.php 0000666 00000010611 15225074365 0006702 0 ustar 00 <?php /** * @package WordPress * @subpackage Theme_Compat * @deprecated 3.0.0 * * This file is here for backward compatibility with old themes and will be removed in a future version. */ _deprecated_file( /* translators: %s: Template name. */ sprintf( __( 'Theme without %s' ), basename( __FILE__ ) ), '3.0.0', null, /* translators: %s: Template name. */ sprintf( __( 'Please include a %s template in your theme.' ), basename( __FILE__ ) ) ); ?> <div id="sidebar" role="complementary"> <ul> <?php /* Widgetized sidebar, if you have the plugin installed. */ if ( ! function_exists( 'dynamic_sidebar' ) || ! dynamic_sidebar() ) : ?> <li> <?php get_search_form(); ?> </li> <!-- Author information is disabled per default. Uncomment and fill in your details if you want to use it. <li><h2><?php _e( 'Author' ); ?></h2> <p>A little something about you, the author. Nothing lengthy, just an overview.</p> </li> --> <?php if ( is_404() || is_category() || is_day() || is_month() || is_year() || is_search() || is_paged() ) : ?> <li> <?php if ( is_404() ) : /* If this is a 404 page */ ?> <?php elseif ( is_category() ) : /* If this is a category archive */ ?> <p> <?php printf( /* translators: %s: Category name. */ __( 'You are currently browsing the archives for the %s category.' ), single_cat_title( '', false ) ); ?> </p> <?php elseif ( is_day() ) : /* If this is a daily archive */ ?> <p> <?php printf( /* translators: 1: Site link, 2: Archive date. */ __( 'You are currently browsing the %1$s blog archives for the day %2$s.' ), sprintf( '<a href="%1$s/">%2$s</a>', get_bloginfo( 'url' ), get_bloginfo( 'name' ) ), /* translators: Daily archives date format. See https://www.php.net/manual/datetime.format.php */ get_the_time( __( 'l, F jS, Y' ) ) ); ?> </p> <?php elseif ( is_month() ) : /* If this is a monthly archive */ ?> <p> <?php printf( /* translators: 1: Site link, 2: Archive month. */ __( 'You are currently browsing the %1$s blog archives for %2$s.' ), sprintf( '<a href="%1$s/">%2$s</a>', get_bloginfo( 'url' ), get_bloginfo( 'name' ) ), /* translators: Monthly archives date format. See https://www.php.net/manual/datetime.format.php */ get_the_time( __( 'F, Y' ) ) ); ?> </p> <?php elseif ( is_year() ) : /* If this is a yearly archive */ ?> <p> <?php printf( /* translators: 1: Site link, 2: Archive year. */ __( 'You are currently browsing the %1$s blog archives for the year %2$s.' ), sprintf( '<a href="%1$s/">%2$s</a>', get_bloginfo( 'url' ), get_bloginfo( 'name' ) ), get_the_time( 'Y' ) ); ?> </p> <?php elseif ( is_search() ) : /* If this is a search result */ ?> <p> <?php printf( /* translators: 1: Site link, 2: Search query. */ __( 'You have searched the %1$s blog archives for <strong>‘%2$s’</strong>. If you are unable to find anything in these search results, you can try one of these links.' ), sprintf( '<a href="%1$s/">%2$s</a>', get_bloginfo( 'url' ), get_bloginfo( 'name' ) ), esc_html( get_search_query() ) ); ?> </p> <?php elseif ( isset( $_GET['paged'] ) && ! empty( $_GET['paged'] ) ) : /* If this set is paginated */ ?> <p> <?php printf( /* translators: %s: Site link. */ __( 'You are currently browsing the %s blog archives.' ), sprintf( '<a href="%1$s/">%2$s</a>', get_bloginfo( 'url' ), get_bloginfo( 'name' ) ) ); ?> </p> <?php endif; ?> </li> <?php endif; ?> </ul> <ul role="navigation"> <?php wp_list_pages( 'title_li=<h2>' . __( 'Pages' ) . '</h2>' ); ?> <li><h2><?php _e( 'Archives' ); ?></h2> <ul> <?php wp_get_archives( array( 'type' => 'monthly' ) ); ?> </ul> </li> <?php wp_list_categories( array( 'show_count' => 1, 'title_li' => '<h2>' . __( 'Categories' ) . '</h2>', ) ); ?> </ul> <ul> <?php if ( is_home() || is_page() ) { /* If this is the frontpage */ ?> <?php wp_list_bookmarks(); ?> <li><h2><?php _e( 'Meta' ); ?></h2> <ul> <?php wp_register(); ?> <li><?php wp_loginout(); ?></li> <?php wp_meta(); ?> </ul> </li> <?php } ?> <?php endif; /* ! dynamic_sidebar() */ ?> </ul> </div>
| ver. 1.4 |
Github
|
.
| PHP 5.4.45 | Generation time: 0.07 |
proxy
|
phpinfo
|
Settings